Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Often people overlook the most conventional way to handle this which is to use <strong>nonce keys</strong>.</p> <p>You can use <strong><a href="http://en.wikipedia.org/wiki/Post/Redirect/Get" rel="noreferrer">PRG</a></strong> as others have mentioned but the downside with PRG is that it doesn't solve the double-click problem, it requires an extra trip to the server for the redirect, and since the last step is a GET request you don't have direct access to the data that was just posted (though it could be passed as a query param or maintained on the server side).</p> <p>I like the Javascript solution because it works <em>most</em> of the time.</p> <p><strong>Nonce keys</strong> however, work all the time. The nonce key is a random unique GUID generated by the server (also saved in the database) and embedded in the form. When the user POSTs the form, the nonce key also gets posted. As soon as a POST comes in to the server, the server verifies the nonce key exists in its database. If it does, the server deletes the key from the database and processes the form. Consequently if the user POSTs twice, the second POST won't be processed because the nonce key was deleted after processing the first POST.</p> <p>The nonce key has an added advantage in that it brings additional security by preventing <a href="http://en.wikipedia.org/wiki/Replay_attack" rel="noreferrer">replay attacks</a> (a man in the middle sniffs your HTTP request and then replays it to the server which treats it as a legitimate).</p>
    singulars
    1. This table or related slice is empty.
    1. POWhat methods are available to stop multiple postbacks of a form in ASP.NET MVC?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USaleemb
    1. USaleemb
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POWhat methods are available to stop multiple postbacks of a form in ASP.NET MVC?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COInteresting idea, one thing I would add is that you should put the sequence in a transaction: 1) check nonce 2) process 3) delete nonce. If you don't do this atomically you have a race condition where the post can be processed multple times, esp. if processing takes a while to finish (and the user is impatient). One thing I'm still not clear about is, if the POST detects a duplicate submission, what should be returned to the user? A page indicating that the post is in progress?
      singulars
      1. PO
      1. USDSO
    2. COI would delete the nonce key first and then do the processing to keep things simple. How to handle a dupe is a design decision and up to you. However, a descriptive response of what just happened would help the user appreciate your web app even more.
      singulars
      1. PO
      1. USaleemb
    3. COHave you seen an implementation of nonce keys in ASP.NET MVC using ActionFilters perhaps? I can imagine this would make the implementation very simple and reusable. It could also use a DB or simply a session variable.
      singulars
      1. PO
      1. USWooWaaBob
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload