asp.net - How do I control repeated Ajax 'post' submissions? - Stack Overflow

admin管理员组

文章数量:1335580

I do not want to stop the user from clicking the same ajax button many times, but I want to exercise some control to prevent someone from maliciously clicking the button repeatedly which would cause repeated database requests. What is simple way to handle this on a jquery .post in asp mvc? If I put in a time delay, the experience client side will be ruined (?)

I do not want to stop the user from clicking the same ajax button many times, but I want to exercise some control to prevent someone from maliciously clicking the button repeatedly which would cause repeated database requests. What is simple way to handle this on a jquery .post in asp mvc? If I put in a time delay, the experience client side will be ruined (?)

• asp
• javascript
• asp-mvc
• asp-ajax

Share Follow asked Feb 5, 2009 at 22:46 zsharpzsharp 13.8k2929 gold badges9090 silver badges156156 bronze badges

Add a ment  | 

7 Answers 7

Sorted by: Reset to default 6

Why not disable the button after it is clicked, and then re-enable it once you have received the response from the server?

This is not a client-side issue and can only be handled on the server side. If an AJAX request is being made, then a malicious user can make the AJAX request directly to your server directly through HTTP--it's quite trivial even for newbies using something like WFtech or Curl.

Not to state the obvious, but if a user can click a button multiple times, then so can an adversary and there's no way of really determining who is who. You can do some kind of throttling to limit it to x clicks per y seconds etc but then the adversary can also throttle his click rate.

set a flag in your javascript indicating pending request, once response arrives unset the flag.

This way user can click button as many times as he wishes, there's gonna be only one 'active' request to the server.

Why don't you keep track of how many times the user is pressing the button, and every one or one-half second, you run the method to submit the query along with the number of clicks (or don't do anything if no clicks are made). Also, in the method reset the number of clicks to 0 so the next query will be accurate.

Disable the button until the request is plete?

You can put the button on a timer so once pressed, it will be disabled for X seconds or until it receives a response from the server.

An approach that applies in fact to any post made is to add a random token generated by client. When the server receives the post the first time it records the token, any subsequent request ing with the same token is then ignored.

I heard about that on .Net Rocks #367 with Udi Dahan

本文标签： aspnetHow do I control repeated Ajax 39post39 submissionsStack Overflow