I'm trying to find a solution to a problem I'm facing with an ASP.NET application (C# / MySQL Backend).
The application uses webforms in a multi step wizard to insert data into a SQL database, the various steps are javascript driven so no 'submit' is done until the 'last' step. In certain circumstances anyway if the user click the browser 'back' button just after the 'last' step the form is resubmitted and the SQL INSERT is triggered again creating dupes of the original record.
I tought to use an Ajax based mechanism to track the steps of the form until the wizard reach the 'last' step. After that trough the same Ajax function I will prevent the resubmit of the form preventing dupes.
I don't want to use javascript tricks to disable the back button for obvious reasons.
The main problem of this solution is that I don't like it so much and it will also be quite difficult to implement since wizards on the application form are quite articulated and this may cause some problem.
Is there a 'best practice' to prevent such issues without building complex infrastructures?
I'm not posting code because I think it will be misleading and unnecessary.
Best regards, Mike
I found a solution to my problem. I think this can be a reasonably good practice for people facing the same problem. Of course it's not perfect but maybe someone else can refine this as the 'perfect solution'.
First of all in the .aspx code of the page launching the form that was duplicating records I placed this:
<asp:LinkButton
ID="_btnForm1"
runat="server"
OnCommand="Link_Command"
CommandArgument='<%#Eval("id","~/Form1.aspx?id={0}&step=Exit")%>'>
Form1
</asp:LinkButton>
In the backend code I created an hanlder for the Link_Button command:
protected void Link_Command(object sender, CommandEventArgs e)
{
Session["key"] = Guid.NewGuid().ToString().Replace("-", string.Empty);
Response.Redirect(e.CommandArgument.ToString());
}
In short it generates an unique hash code storing it as a Session value.
In the form managing records I checked for the Session["key"] value to be present and not null. If the key is present the code hasn't reached it's critical part then the forms should be resubmitted without problems.
When the code reaches the critical part (just before data insertion into database) I cleared up the Session["key"] value:
Session.Remove("key");
Then if the user tries to resubmit the form after the critical part the Session key isn't present anymore and the code could trap the 'anomaly' and show up an error message or redirect over a different page:
if (Session["key"] == null)
{
Response.Redirect("Error.aspx?script=" + HttpUtility.UrlEncode(Request.Path));
}