- From: Kornel <kornel@geekhood.net>
- Date: Tue, 26 Jan 2010 15:22:42 +0000
On 26 Jan 2010, at 14:34, Aaron Bassett wrote: > > Ensuring that your server-side form handler can detect and properly > deal with multiple submissions? > > Client-side validation should only ever supplement server-side > validation, never replace it. The reason for client-side validation is > to improve the user experience, it allows for common data entry > problems to be detected and the user notified without a round trip to > the server. IMHO disabling the submit button does not add anything to > the user's experience, so there is no reason to do it. Unless you are > too lazy to have proper server-side validation? ;) I agree that in cases when it's important that duplicate submissions are stopped (placing orders, etc.), there must be server-side protection. However it's not always essential (e.g. for idempotent actions or in chat applications) and in these cases authors may be OK with weak protection. There are benefits of client-side prevention regardless of server-side validation: - if form is large (long wiki page or file upload), it saves time and bandwidth. - if client-side handles most cases, then server-side check for duplicate submission becomes mainly a fallback and security measure, and doesn't need to be as user-friendly (i.e. it would suffice if it replied with error instead of having to silently redirect to previous submission's result). This simplifies server-side implementation. -- regards, Kornel
Received on Tuesday, 26 January 2010 07:22:42 UTC