Prevent two users from submitting the same form data from separate sessions

prevent multiple form submissions server side
prevent multiple form submissions server side php
prevent user from submitting form twice
javascript prevent double submit
prevent multiple submitting in one button laravel
prevent multiple form submissions jquery
javascript get form values on submit
codeigniter prevent multiple submit

My application is a form-based application, where users can raise a request, an ID will be assigned to that request, the user will fill out some details, and then submit it through different stages. The issue that multiple users can be a part of one request, so there might be a case where user A and user B is looking at the form at the same time. User A may submit first, and then user B submits, which would cause the request to only show the info submitted by user B. To solve this, I've come up with two solutions:

-Before we submit the data to the DB, we make a get call to see if the data is already submitted (we uses statuses in our app. So we would check for the status of "Stage # Pending").

-We implement a Redis Cache for some other services. I could add something like

public submitRequest() {
  RMap<String, int> requestLockMap = redissonClient.getMap("requestLock");
  if(requestLockMap.get('request_ID') == 0) {
     requestLockMap.put('request_ID', 1);
     ...continue submitting request...
  }
}

This is essentially adding in a racing condition with the Redis Cache. However, I don't know if either is a good practice for this sort of thing. Are there any better alternatives? I am using Spring as our Java framework, so if there are any solutions to that, I'm open to hearing them.

What would be the downside of assigning a randomly generated ID for each submission?

For example using UUID

UUID.randomUUID().toString()

you reduce the chance of identical request IDs to statistically 0. DB colissions can be treated as exceptions, as such scenarios are unlikely to happen.

Using this approach you can also avoid scenarios when unauthorized users can see / edit adjacent information by using a previous request ID.

Professional Oracle WebLogic Server, The form might be populated with entity data during one read transaction, and sent to the but it does not inherently prevent two users from viewing the same entity data simultaneously and submitting conflicting changes one at a time. Each write transaction will succeed for both users, one after another, because value of  Several people may be using the same machine, even with the same username; or one person may have several separate login sessions, on one or several machines. Just sort out your protocol vs. 'Session' variables and make sure that the last committed changes are the ones that persist.

Don't follow your second solution. It will most likely lead to a race condition as you say.

Your first suggestion is correct. The key is to make the update inside a transaction and while being there check if the status is the expected so you may proceed with the update.

The status is similar to having a version id. When an entry is updated the version id is incremented. So a following/parallel edit will have an invalid version number or status and won't proceed. In your case if the status is not pending you will not proceed with the update.

Being inside a transaction you may rollback and return an error message to the user, i.e. the request has been edited by user X.

However, if there are many statuses you should better use a version id instead of the status.

An alternative way is to add the desired status in the where clause of the update statement as shown here to avoid updating a modified row.

Hibernate has a build in mechanism to achieve optimistic locking. See this for details.

Mastering ASP.NET with Visual C#, process of maintaining a value or an object across page, session, end of the connection, so they're not available for the next request— even to the same page. Suppose you ask users to enter some data—perhaps fill in a product order form. Instead, you need to prevent multiple form submissions in some other way. There are two ways users can be restricted to login from multiple sessions, either previous session of user be removed, or new session of user be disallowed. In both approaches I would recommend

I'd suggest to have a timestamp field in the table, that the users are updating. When you show the form to user, read the timestamp and keep it in session. When updating, do something like update table A set some_column = 'value', timestamp = now() where id = 1 and timestamp = 'whatever timestamp you read earlier'. Then look at the return of the update statement, if it's 1, you updated the row, if it's 0, the other user has already updated - show some error/notification to the user. Ofcourse, you'll need to update the timestamp field during each update.

Web Coding & Development All-in-One For Dummies, A PHP session is a vital link between your users and your app because it form was submitted by the session user) and you can safely proceed; if they're different, trying to pull a fast one and your code should stop processing the form data. Two people can fill out and submit the same form at the same time, but each person would have their own instance (we call this a submission). So the responses that one person enters and submits would go into one submission, and responses entered by the other person would go into another submission.

One solution is to use an auto-increment integer field. When you fetch the record that will have one value and you include that in the form information. When the form is submitted, the record is read to see if it sill has the same value. If so, commit. If not, reject and send an error to the user that they are too late.

Since the field is automatically incremented on every commit, you don't have to do anything other than make sure that the submitted form includes the same value for that field.

Prevent multiple form submissions, PHP form > How to > Prevent multiple form submissions the form has been submitted and the second one will change the button text to give the user If you wish to avoid duplicate submissions for the entire browser session (or longer) you we used */ function check_input($data, $problem='') { $data = trim($data); $data  Session are useful when you want to store user data globally through out the application. This can be done in two ways. One is storing them in a global variables and second is storing the data in shared preferences.

How to pass form variables from one page to other page in PHP , Splitting a form into multiple steps or pages allow better data handling and Session entries will be deleted as soon as the user closes the browser or leaves the site. In the next step, submitted information will be stored in the session array. Conclusion: Sessions can be used to keep form data active until either the  But sometimes you may need to allow multiple remote desktop sessions for A single user at the same time. For allowing concurrent same user sessions you need to change the terminal server settings in the registry on the server. Below is the step by step instruction to fix the problem. Follow the below steps to do the registry change.

Forms and Form Fields :: Eloquent JavaScript, Forms were introduced briefly in the previous chapter as a way to submit information HTML allows a number of different styles of fields, ranging from simple on/off This event can be handled by JavaScript, and the handler can prevent the We can write code to verify that the values the user entered make sense and  I have an ASP.NET application that uses Session.SessionID to prevent multiple users viewing the same data at the same time. I have a table that contains a set of images (stored in BLOB) that require processing. Only one user is supposed to be able to view the same image at the same time.

Preventing Multiple Submits, The problem of multiple form submissions is quite common in PHP. a hidden field in the HTML form, the value can be checked in the page the form data is submitted to. Like any method of accepting data from users, three rules are followed. This includes the first name field, the form token, and the session form token. I have an requirement that : I need to prevent multiple logins with same credentials on different devices,i.e.Logout the previous login user and allow the new user for login. Lets say user_A is already login then user_B tries to login to the application with the same credentials of user_A then logout the user_A and allow the user_B to login.I

Comments
  • If you use hibernate, it already has in built version check if it is a update. Why dont you use it.
  • @AshraffAliWahab We define our own SQL using sql server, isn't hibernate for Java?
  • Hibernate is for Java connecting to any RDBMS.so SQL server is not an issue.
  • @AshraffAliWahab Right, but don't you define your query procedures using the Hibernate framework? All of our stored procedures are defined in the sql server we are running. We can port the procedures to Java and code them with Hibernate in mind, but that will take a monumental effort. Or can I incorporate Hibernate into our Java project and just use it to call the stored proc name?
  • Ok got it. That would be too much change. Look at this link about application lock in SQL server stored procedures based on transaction/session. sqlteam.com/articles/…
  • This approach is not really user-friendly. For small systems with few users, this scenario rarely happens, but think in term of hundreds of concurrent users / systems