Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A server-side control to avoid double-submission of html forms with sensitive data
branch: master

uh... first commit?

latest commit b2022e3e42
Herval Freire authored
Failed to load latest commit information.
lib uh... first commit?
README uh... first commit?
init.rb uh... first commit?


= Double Submit Protection Plugin =

This plugin implements a symetrical token approach to avoid duplicate posts of data. This is specially
useful when you're dealing with data-sensitive forms (credit-card processing, for instance), where
a duplicated posting may lead to a user getting charged twice. This control is done via a
token placed on user's form and synchronized with the session - whenever the token is different, you
can simply verify it on the controllers by using the 'double_submit?' method

Version History

v1.0 <-- You are here
- Initial release of the plugin

v1.1 (still to be released)
- Automatic support for token as an attribute (e.g. form_for :something, :url => {}, :double_submit_protection => true }
- Save the cheerleader, save the world

Usage Example

<%= form_for :blah, :url => { :action => "create" } do |f| %>
  ... (some form content here)
  <%=double_submit_token %>
<% end %>

  def create
    if double_submit?
      flash[:message] = 'Whoa, hang in there dude...'
      render :action => :register

    # do something here



Copyright (C) 2008 Herval Freire ( No license intended - you are free to duplicate,
immitate, print this code and shred it to pieces, blog about it, take pictures with it and even say it was
 brilliantly developed by yourself and brag about it.
Something went wrong with that request. Please try again.