Also, cross-site request forgery attacks: https://www.owasp.org/index.php/Top_10_2010-A5

Anthony

On Wednesday, September 14, 2011 10:36:41 PM UTC-4, Cliff wrote:
>
> Double submits can happen.
>
> On Sep 14, 9:16 pm, Lennon <lpr...@hotmail.com> wrote:
> > Thank you! Thanks to this info I was able to recreate the exact form
> > clearing problem by loading another instance of the form in another
> > tab/window.
> >
> > I have taken out the session from form.accepts in those forms and now
> > everything is fine.
> >
> > Can anybody foresee any problems with my removing that?
> >
> > ~Lennon
> >
> > On Sep 14, 12:44 am, Massimo Di Pierro <massimo....@gmail.com>
> > wrote:
> >
> > > Is it possible they had two windows open on the same form? Passing the
> > > session to accepts(...) uses a mechanism to prevent double form
> > > submission that assumes once a form is open, it is only opened once
> > > (within the session) until it is submitted.
> > >
> > > On Sep 13, 11:34 pm, Lennon <lpr...@hotmail.com> wrote:
> > >
> > > > I have a few forms in a web2py shopping cart that I built from
> > > > scratch. Most of the time the forms are working fine but once in
> > > > a while on submission a form will neither submit and redirect to the
> > > > next page of the cart nor return any form errors as it usually does
> > > > when there is a form error.
> > > >
> > > > Instead it simply refreshes the page and clears the form. What's
> > > > really frustrating about this bug is that the same user will have this
> > > > bug and when they try again with the same browser and same data it
> > > > will work fine.
> > > >
> > > > In fact, none of my team has been able to reproduce it but three of
> > > > our users have reported it so I'm inclined to think something is
> > > > wrong.
> > > >
> > > > One thing the forms all have in common is that they all add session as an
> > > > argument for form.accepts:
> > > >
> > > >     if form.accepts(request.vars, session):
> > > >
> > > > Perhaps if something was screwy in my session it might cause this
> > > > behavior? Although when I looked in the gluon/sqlhtml web2py file it
> > > > didn't seem to use session for much of anything.
> > > >
> > > > The various forms and models are all very long so before posting all
> > > > of that code, I was wondering if anybody simply had some thoughts on
> > > > what might be causing this and/or could point me in the right
> > > > direction.
> > > >
> > > > I'll be happy to post any part of the code that would help shed some
> > > > light on the matter. Let me know, thanks.
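
The double-submission mechanism Massimo describes and the request forgery protection Anthony points to, as an added example that is not part of the original thread and is not web2py's own code: a simplified model of session-bound one-time form keys. The class `FormKeyGuard`, its `max_keys` parameter, the session key layout and the form name `checkout` are all assumptions made for illustration.

```python
import hmac
import secrets


class FormKeyGuard:
    """Simplified model of session-bound one-time form keys (hypothetical, not web2py code)."""

    def __init__(self, session, max_keys=1):
        self.session = session    # dict standing in for the server-side session
        self.max_keys = max_keys  # 1 = only the newest rendering of a form is valid

    def render(self, formname):
        """Issue a fresh key for a rendered form and store it in the session."""
        key = secrets.token_urlsafe(16)
        keys = self.session.setdefault("_formkey[%s]" % formname, [])
        keys.append(key)
        del keys[:-self.max_keys]  # drop all but the newest max_keys keys
        return key

    def accepts(self, formname, submitted_key):
        """Accept a POST only if its key is outstanding, then consume the key."""
        keys = self.session.get("_formkey[%s]" % formname, [])
        for k in keys:
            if hmac.compare_digest(k.encode(), str(submitted_key).encode()):
                keys.remove(k)  # one-time use, so a repeated submit is rejected
                return True
        return False


def demo():
    results = {}
    # Two tabs, one key kept: rendering tab B invalidates tab A's key.
    guard = FormKeyGuard({}, max_keys=1)
    tab_a = guard.render("checkout")
    tab_b = guard.render("checkout")
    results["stale_tab"] = guard.accepts("checkout", tab_a)      # rejected
    results["fresh_tab"] = guard.accepts("checkout", tab_b)      # accepted
    results["double_submit"] = guard.accepts("checkout", tab_b)  # key already used
    # A cross-site POST cannot know the key held in the victim's session.
    results["forged"] = guard.accepts("checkout", "constructed-wrong-key")
    # Keeping several outstanding keys lets both tabs submit.
    multi = FormKeyGuard({}, max_keys=5)
    a, b = multi.render("checkout"), multi.render("checkout")
    results["multi_tab"] = multi.accepts("checkout", a) and multi.accepts("checkout", b)
    return results


if __name__ == "__main__":
    print(demo())
```

With `max_keys=1` the stale tab's POST is rejected without a validation error, which matches the refresh-and-clear symptom reported in the thread; a model with no session key at all would accept the double submit and the forged POST alike.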