Real life situation: placing bets on a betting website. Users would double click and get two bets placed. Not good! Javascript checks were not sufficient to prevent this.
Solution:
-
Create UUID/GUID hidden input in form using server-side scripting language that renders the form.
-
On form submission immediately add this to a database table called
UniqueSubmissions
(for example). Then proceed with processing. -
Every subsequent request with the same UUID/GUID will be rejected if found in the
UniqueSubmissions
table.
This worked for us. Hope that helps answer your question!