Home > Developer > ASP

ASP. NET prevents repeated submission of forms due to page refreshing

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

In web development, the problem that must be addressed is the repeated submission of forms (here only refers to repeated submission caused by F5 refreshing). There seems to be no good way to deal with this problem in. net. Search
There are two solutions: one is to invalidate the form button directly, so that one user can only submit one form once; the other is, is to clear the form after a submission, in the background logic for determination
To identify whether the request is submitted repeatedly.
In my personal opinion, the first method is that the user experience is poor, and the button can only be pressed once. This should be used to prevent repeated submissions caused by multiple clicks of the submit button and prevent secondary submissions caused by refresh; in the second case, both types of repeated submissions can be prevented, but the content of the form is gone. If there is a need to prevent the content from disappearing, it will take some twists and turns.
Therefore, I imitated the struts token in JSP and wrote a method to prevent the form from being submitted repeatedly.

Implementation principle:
Since refresh the submission form, the last normal submission form is actually submitted, so we only need to make a flag, you can determine whether a new form or the last old form has been submitted repeatedly.

Implementation Method:

Place a hidden domain on the page. When the page is loaded for the first time, save a flag in the session and save the mark to the hidden on the page. Before submitting
When you determine whether the hidden signs in the form are consistent with those in the session, you can know whether the form is submitted normally or the repeated submission caused by PAGE refreshing. Note that,
After processing each submitted form, update the flag in the session.

Code example:
Few codes, first on the page.

  1. <HTML xmlns = "http://www.w3.org/1999/xhtml">
  2. <Head runat = "server">
  3. <Title> </title>
  4. </Head>
  5. <Body>
  6. <Form ID = "form1" runat = "server">
  7. <Div>
  8. <Input type = "text" id = "tbxname" runat = "server"/>
  9. <Input type = "text" id = "tbxpass" value = "" runat = "server"/>
  10. <Asp: button id = "btnsubmit" runat = "server" onclick = "button#click" text = "button"/>
  11. <Asp: Label id = "lblmessage" runat = "server" text = ""> </ASP: Label>
  12. <Input id = "hiddentest" type = "hidden" value = "<% = gettoken () %>" name = "hiddentestn"/>
  13. </Div>
  14. </Form>
  15. </Body>
  16. </Html>

Note:
1 getsessiontoken () function is used to obtain the token stored in the session.

2
Hidden uses a non-server control. This is because when I use a server control and directly obtain the session flag in the background and assign a value to this hidden, I refresh and submit it to the server.
The value of hidden in the form has also changed. If the result is a server control, the values in the form are synchronized. Of course, it may be that the method I used is incorrect.

The following is the background code:

  1. Using system;
  2. Using system. Data;
  3. Using system. configuration;
  4. Using system. Web;
  5. Using system. Web. Security;
  6. Using system. Web. UI;
  7. Using system. Web. UI. webcontrols;
  8. Using system. Web. UI. webcontrols. webparts;
  9. Using system. Web. UI. htmlcontrols;
  10. Using system. Security. cryptography;
  11. Using system. text;
  13. Public partial class _ default: system. Web. UI. Page
  14. {
  15. Protected void page_load (Object sender, eventargs E)
  16. {
  17. // An initial flag is generated during the first loading.
  18. If (null = session ["token"])
  19. {
  20. Settoken ();
  21. }
  22. }
  24. Protected void button#click (Object sender, eventargs E)
  25. {
  26. If (request. Form. Get ("hiddentestn"). Equals (gettoken ()))
  27. {
  28. Lblmessage. forecolor = system. Drawing. color. blue;
  29. Lblmessage. Text = "normal submission form ";
  30. Settoken (); // do not forget to update the flag in the session.
  31. }
  32. Else
  33. {
  34. Lblmessage. forecolor = system. Drawing. color. Red;
  35. Lblmessage. Text = "refresh the submission form ";
  36. }
  37. }
  39. // Obtain the flag saved in the current session
  40. Public String gettoken ()
  41. {
  42. If (null! = Session ["token"])
  43. {
  44. Return session ["token"]. tostring ();
  45. }
  46. Else
  47. {
  48. Return string. empty;
  49. }
  50. }
  52. // Generate a flag and save it to the session
  53. Private void settoken ()
  54. {
  55. Session. Add ("token", usermd5 (session. sessionid + datetime. Now. ticks. tostring ()));
  56. }
  58. // This function is purely intended to make the logo a little shorter. A bunch of garbled characters are also mysterious. In addition, this usermd5 function is readily available on the Internet.
  59. Protected string usermd5 (string str1)
  60. {
  61. String cl1 = str1;
  62. String Pwd = "";
  63. MD5 MD5 = md5.create ();
  64. // The encrypted data is a byte array.
  65. Byte [] S = md5.computehash (encoding. Unicode. getbytes (cl1 ));
  66. // Convert an array of the byte type into a string by using a loop. This string is obtained by regular character formatting.
  67. For (INT I = 0; I <S. length; I ++)
  68. {
  69. // Use the hexadecimal format of the obtained string. The characters in the format are lowercase letters. If uppercase letters (x) are used, the characters in the format are uppercase letters.
  70. Pwd = PWD + s [I]. tostring ("X ");
  71. }
  72. Return PWD;
  73. }
  74. }

Note:
1. Generate a flag when loading the page for the first time, and you will not need it later.
2. At the end of the form processing function, remember to update the flag.
3. I chose the current sessionid and the current time millisecond value. This basically avoids the mark duplication and then implements MD5 once. It is purely for the logo to be shorter, of course, a little bit secure, haha.

All the code is very simple. I don't know if it's too simple or you have a better way. I didn't find similar code on the Internet, so I will write it down and share it with you. If there is a better way, I hope I can tell you that because I haven't done Web development for a long time, I'm afraid many new technologies won't happen.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More