This is kinda crosspost from a response at ars
I have been thinking about this lately and this seems like a good time
to bounce an idea off the community. To prevent double clicks on pages
incorporate these steps:
1) On the preceding form pages create an entry in a nsv array
with a key value pair of (unique id) / $time.
2) Export the unique id to page with doubleclick protection
3) First thing in protected page check to see if nsv entry still
exists
IF NOT: Either page has been hit already or nsv cache
purging has removed the allowed action.
IF SO: UNSET nsv array entry and continue on and process
transaction
Add a scheduled proc to periodically clean out old nsv entries
that have a time value beyond limit (set by configuration variable)
I think this approach saves :
1) A call to the db on preceding page and having to prereserve an
id which may/maynot be used ... not all people hit that submit
button
2) Page is tagged to preceding page so abandoned submissions dont
block other threads of same intent.
3) It can be a more generic approach to the same problem for
several places where implementation may be desired.
Someone pointed out that there may be problems with clustered servers
but I think that would be limited to servers that are not on round
robin setup and are using best available approach. This brings up
another item for discussion: An approach for clustered server
communication that would be generic enough for this and other issues /
session mgmt, etc.
Just some thoughts on how I will probably implement but I'm open
to suggestions / comments.