Update of sr #111059 (group administration):

                  Status: None => In Progress
             Assigned to: None => ineiev
    _______________________________________________________

Follow-up Comment #2:

[reordered]

[comment #0 original submission:]
...
> what I want to see is a dump of the field changes that were submitted, and above all the text of the comment that couldn't be posted, because that often takes a lot of time and thought to compose.

Thank you, done.

...
> I believe I understand the necessity of not performing a ticket update against stale data.

This feature isn't really intended for dealing with 'stale' data, it's about posting the same message multiple times, and more important, it is used to block cross-site scripting.

> ...So possibly "Duplicate post" is being thrown for spurious or excessively aggressive reasons, like the age of some cookie, or because some server got rebooted.

It may, but at this point, I have no sufficient data to tell. The feature doesn't depend on cookies in the strict sense or on rebooting the server.

This is how it works. When a user visits a page containing a form, a form_id token is saved in the Savane database and inserted on the page; when the form is submitted, the request is only honored when the token is present both in the request and in the database (e.g. a malicious page from a third party website can't embed it), and at the same time the token is removed from the database. Then, a cron job removes the tokens more than a day old; that period could be increased, but we should clear them at some point.

I'm not sure how this mechanism can be improved or replaced.

[comment #1 comment #1:]
> ...it does nothing to prevent collisions...

No, it doesn't. The server could add the previous state to the form and then check against it, but that would be more than a dozen or two lines of Savane code.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/support/?111059>

_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
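
The form_id mechanism described in the comment above, modelled as an added example (this is not Savane's code and not part of the original message): a token is issued when the form is rendered, honored once, and purged after a day. The class and method names, the SQLite table layout, and the binding of each token to a user are assumptions made for the illustration.

```python
import secrets
import sqlite3
import time

TOKEN_TTL = 24 * 60 * 60  # the comment says tokens more than a day old are removed


class FormTokens:
    """One-time form tokens kept server-side (illustrative, not Savane's code)."""

    def __init__(self, db=":memory:"):
        self.db = sqlite3.connect(db)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS form_id ("
            "token TEXT PRIMARY KEY, user TEXT NOT NULL, created REAL NOT NULL)"
        )

    def issue(self, user, now=None):
        """Called when a page with a form is rendered; the token goes in a hidden field."""
        token = secrets.token_hex(16)  # unguessable, so a third-party page cannot supply it
        self.db.execute(
            "INSERT INTO form_id VALUES (?, ?, ?)",
            (token, user, time.time() if now is None else now),
        )
        self.db.commit()
        return token

    def consume(self, user, token):
        """Honor a submission only if the token is in the database, and remove it.

        One DELETE performs the check and the removal together, so two
        submissions of the same form cannot both succeed.
        Binding the token to a user is an assumption of this example.
        """
        cur = self.db.execute(
            "DELETE FROM form_id WHERE token = ? AND user = ?", (token or "", user)
        )
        self.db.commit()
        return cur.rowcount == 1

    def purge(self, now=None):
        """The cron job: drop tokens more than a day old; returns how many were removed."""
        cutoff = (time.time() if now is None else now) - TOKEN_TTL
        cur = self.db.execute("DELETE FROM form_id WHERE created < ?", (cutoff,))
        self.db.commit()
        return cur.rowcount
```

A form left open past the purge period fails the same way as a resubmitted one: in both cases the token is no longer in the database, so the server cannot tell the two apart from the token alone.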