Hi, Yaroslav.
I don't have any sample code to post,
but this is what I usually care about.
The webapps I build are most of the time e-commerce apps, and I have the same problem when a user submits the final order (that is the transaction I need to protect).
There are two things I care about.
 1. I wanna protect honest customers from accidental multiple submits
 2. I wanna protect database integrity from malicious users.
So, I use JavaScript to prevent multiple submits as a client-side solution. For the server side, I use a Post-Redirect-Get-like solution as you mentioned (two actions for setup and submit), and also a token.
I think this is pretty much enough to protect honest users. And for malicious users, I don't care as long as database integrity is not broken.
So, I prefer forwarding to an error page explaining the possible reasons why the error page showed up, to showing a success page; or, for delete, an error page saying "no such entity with id X" on the second submit.
In those cases, users cannot see the result of the first submit. But most of the time customers can understand what happened (if they are malicious, truly they knew).
I hope this will cover some of your interest.
Regards
ichy
And for the synchronization, I wonder if that leads to a DoS attack or not..
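
The setup/submit token flow described in the message above, as an added example that is not part of the original post: a one-time token is issued by the setup action and consumed atomically by the submit action, so a second or concurrent submit is redirected to an error page and nothing is written twice. The class and function names, the redirect paths and the in-memory stores standing in for the session and the database are all assumptions made for illustration.

```python
import hmac
import secrets
import threading


class OrderTokenGuard:
    """One-time token per order form, consumed atomically on submit."""

    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}  # session id -> token issued by the setup action

    def setup(self, session_id):
        """Setup action: issue a fresh token to embed in the order form."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._pending[session_id] = token
        return token

    def consume(self, session_id, submitted):
        """Submit action: True only for the first request carrying the token."""
        with self._lock:  # short critical section: compare and remove together
            expected = self._pending.get(session_id)
            if expected is None or not isinstance(submitted, str):
                return False
            if not hmac.compare_digest(expected.encode(), submitted.encode()):
                return False
            del self._pending[session_id]
            return True


def submit_order(guard, orders, session_id, token, order):
    """Return (status, location) as a Post-Redirect-Get handler would."""
    if not guard.consume(session_id, token):
        # Duplicate, replayed or forged submit: nothing is written.
        return 303, "/order/error"
    orders.append(order)  # stands in for the database insert
    return 303, "/order/confirmed"


if __name__ == "__main__":
    guard, orders = OrderTokenGuard(), []
    token = guard.setup("session-A")  # constructed session id
    print(submit_order(guard, orders, "session-A", token, {"sku": "X1"}))
    print(submit_order(guard, orders, "session-A", token, {"sku": "X1"}))
    print(len(orders))
```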
