Kilian Hekhuis
mvp_badge
MVP
Rank: #2
1080Views
18Comments
Preventing multiple execution of Save action
Question
On a screen, we have a Save button that creates a new record in the database based on the user input. However, if the user manages to click the button quickly multiple times, multiple records are created, as the requests are handled by IIS in parallel. Is there an easy way to prevent this?
0
0
on 2014-01-17
Copy link to comment
Miguel Grilo
Rank: #14119
Hi Kilian, you can disable the button ononeclick with Javascript to prevent multiple calls to the server.

Best Regards
0
0
on 2014-01-17
Copy link to comment
Kilian Hekhuis
mvp_badge
MVP
Rank: #2
Yeah, I was afraid that using Javascript would be necessary. It's such a common use-case that I can't believe the platform doesn't supply a native solution.
1
0
on 2014-01-24
Copy link to comment
Davide Marquês
Staff
Rank: #214
Hi Kilian,

I went ahead and added this as a new idea:
https://www.outsystems.com/ideas/1524/preventing-multiple-execution-of-save-action/

Another pattern that sometimes requires a manual implementation is Post/Redirect/Get - this one is important to prevent duplicate submissions by people refreshing their browser (and not realizing what the browser warning means).
 
Cheers,
Davide
0
0
on 2014-01-25
Copy link to comment
Maybe he pressed the submit button twice.

:p
2
0
on 2014-01-27
Copy link to comment
André Vieira
Staff
Rank: #12
Hi Tiago,

Please test now. It should be fixed. This was due to our maintenance this morning...
0
0
on 2014-01-27
Copy link to comment
Davide Marquês
Staff
Rank: #214
Yup! It was broken for a bit, but things are now coming back. ;)
0
0
on 2014-01-27
Copy link to comment
Tiago Bernardo
Rank: #182
Hi!
Just stumpled on this problem right now on a recent production system... duplicate records were created...
When developing the application this situation can be avoided with extra validation code, but the whole purpose of RAD is undermined with this approach... The developer should not be worried about this so frequent cenario...
1
0
on 2015-08-17
Copy link to comment
Well, one way to do this is to use tokens.

1. Add an hidden text field to your form and, in the Preparation, in the part that does't run during a screen refresh, set it with some random value. Also, assign this same value to a session variable.

2. Immediately at the begining of the action that handles the button, check that the values in the hidden field and the session variable match. If they do, clear the session variable, and do whatever the button should do, if they don't immediately exit the action.

As an added bonus, no more CSRF attacks on your form!

Note: if your users are *really* fast or you have a network with very high latency, since the requests do run in parallel, I'm sure we can all see where a race condition could happen.
0
0
on 2015-08-17
Copy link to comment
Tiago Bernardo
Rank: #182
I'm sure there are plenty of solutions for this, but have you taken a step back and looked at the overhead that you just introduced just to take care of this problem?... (an hidden text field, a session variable, complicating the logic of the action...)
0
0
on 2015-08-17
Copy link to comment
Yup :)

Disabling the button using JavaScript works for most cases, and it's a lot easier, and has no overhead on the server.

However, for websites on the Internet where anyone can reach them, it may be necessary to prevent CSRF attacks too. And this does that too.

On that note, if you only want to prevent CSRF attacks, you may use a cookie instead of a session variable, and reduce the server overhead.

(But then again, I'm the kind of guy that enters alert('LOL!'); as a name in random websites...)
0
0
on 2015-08-17
Copy link to comment
Tiago Bernardo
Rank: #182
Apparently this idead was merged with this one:
https://www.outsystems.com/ideas/504/platform-mechanism-to-prevent-button-double-clicking
0
0
on 2015-08-21
Copy link to comment
João Pedro Abreu
Staff
Rank: #58
To save the hassle of adding javascript everywhere, I've made a small component to disable a button or link after it is clicked (with javascript).
https://www.outsystems.com/forge/component/670/prevent-spam-clicks/
0
0
on 2019-08-12
Copy link to comment

Hi people!


Using server side solutions, like setting variables and refreshing buttons, might not do the trick. Succesfully preventing a double-click is usually attainable only using javascript. 

The funny thing is, I have come across many people suggesting this, but they don't tell you exactly how to do it. To be really helpfull we should try to give the complete solution.


I had this problem and solved it the following way: 


To disable the link, I gave a generic Class named (for instance) "PointerClass" to the link I was going to "disable/enable". Then, on the "onclick" extended property of the Link, I set: 


"$('.PointerClass').css('pointer-events','none');"


To enable the Link again, I put a Javascript action at the end of the action called, with the code :

"$('.PointerClass').css('pointer-events','auto');"


Regards,

Adérito Angelino


4
0
on 2019-10-04
Copy link to comment
assif_tiger
Rank: #82

Hi Folks,

You can use the below plugin to control the Spam Click globally without adding a block or adding a JS for each button:

OS-UI Component with Sample Link

SILK-UI Component with Sample Link

Live Sample URL Link

0
0
on 2019-10-04
Copy link to comment
Company
Corporate Site
Contacts
Cookie Policy
Support
Technical Support
Community Forums
 OutSystems© All rights reserved. Custom built with (h) and (o)