[mod_python] Multiple submissions from the same user

Martin (gzlist) gzlist at googlemail.com
Fri Apr 4 11:40:08 EDT 2008 

On 04/04/2008, <Dominique.Holzwarth at ch.delarue.com> wrote:
> Hello everyone
>
>  Does anyone know how I can configure apache and/or mod_python in a way, so that multiple requests from the same user are 'ignored' (python scripts not executed) if the answer of the first request wasn't completely sent to the browser yet?
>
>  I just stumbled over that problem while testing my web application which has a form with several "submit" buttons and when I click one of them - or different ones - very quick after each other ('spam clicking') then my scripts don't like that at all and gracefully die :-)

The solution is to stop the scripts dying? If for instance, it needs
to write to a file user/{username} then running it twice at the same
time will cause the second instance should either fall over or block
till the first finishes, but the first should be unaffected either
way. If that's not already the case, you need to have an explicit
locking mechanism:

def do_action_for(user):
    with lock = lock_for(user):
        dangerous_stuff_for(user)

Once that's in place, you can fix your problem by blocking on the
lock, then once the lock is acquired, checking to see if the action is
already done, and returning the result straight away:

def do_action_for(user):
    with lock = lock_for(user):
        result_filename = result_file_for(user)
        if not os.exists(result_filename):
            file(result_filename, "w").write(dangerous_stuff_for(user))
        fast_redirect_to(result_filename)

If you're cunning, you can combine the lock and result cache mechanism.

>  As a quick work-around I was thinking about simply disabling the submit buttons with javascript and the "onsubmit" event handler but as we all know javascript ain't THAT reliable so I was wondering if it's possible to control that problem on the server side.

Client side scripting really isn't the answer to a server program bug.
Website users will do unexpected things whatever: like trying to
delete the same item twice because they get back-button confused.
Trying to take away their back button then is not the solution, you
need to make sure you're coping with odd input.

>  Another, but similar question I have:
>  How can I configure apache / mod_python to allow only ONE active session per user at a time? At the moment I can login with same user/pw unlimited times which also ain't really good for my application =)

With sessions, this is generally legal, but should invalidate the old
session. Slightly annoying when you're testing with two browsers at
once, as they log each other out, but the convention. You can do this
by checking to see if the user already has a session in the database
before handing out a new one, and removing it if they do.

Martin

More information about the Mod_python mailing list