CSRF and double posting
#3

(This post was last modified: 06-19-2016, 12:49 AM by PaulD. Edit Reason: added some PS's )

Hi,

Thanks for that answer. I agree that Ajax is a different issue and I have just been trying to exclude some Ajax URIs, but the regexes defeated me (it is a very dynamic URL), so I instead reverted to the more usual including of the hash and token directly in the JS. And as far as I have experienced it, Ajax calls regenerate the CSRF too.

In the example I am looking at though, it is a straight up HTML form. In fact, all it does is add a new record so the form is just taking a name/title for the record, and that is it. But double-clicking the button quickly is creating two records to be inserted, which is quite frustrating. This example is my own site that I am just building for myself, but this relatively small issue has really irked me and the more I have tried to fix it the more it is annoying me.

I am just having a look at the CI token handling now, as I cannot believe that a double post has time to pass two checks before CI updates the token, but if it happens at different stages of the process, and not immediately upon the first check, then I suppose it might.

The file you linked to is coded so beautifully, it was a pleasure to have a read of it. Thank you. I recently chose ion_auth over community_auth but it was a hard and probably personal decision. Look forward to trying community auth though.

Best wishes,

Paul.

PS I too never leave a page hanging and love using those tiny animated loading GIFs for Ajax messaging during Ajax calls. They childishly always make me feel all 'professional' even though they are just tiny GIFs :-)
PPS I love making them as well - customers are always so impressed with a little personalized favicon-based loading GIF :-)
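The timing question raised in the post above, as an added example that is not part of the original post and is not CodeIgniter's code: a simplified Python model in which a double click sends the same form token twice. `FormTokenStore`, its two handlers and `double_click` are hypothetical names, and the barrier is an assumption that forces the two requests to overlap.

```python
import hmac
import secrets
import threading


class FormTokenStore:
    """Model of one session's form token (hypothetical, not CodeIgniter code)."""

    def __init__(self):
        self.token = secrets.token_hex(16)
        self.records = []                      # stands in for the database table
        self._lock = threading.Lock()

    def submit_check_then_rotate(self, sent, title, gate):
        # Weak pattern: the token is verified early and rotated later.
        ok = hmac.compare_digest(sent, self.token)
        gate.wait()                            # both requests are already checked
        if not ok:
            return False
        self.token = secrets.token_hex(16)     # rotation comes too late
        with self._lock:
            self.records.append(title)
        return True

    def submit_atomic_consume(self, sent, title, gate):
        # Hardened pattern: verify and invalidate in one critical section.
        gate.wait()                            # both requests arrive together
        with self._lock:
            if not hmac.compare_digest(sent, self.token):
                return False                   # second click: token already spent
            self.token = secrets.token_hex(16)
            self.records.append(title)
        return True


def double_click(handler_name):
    """Submit the same form twice at once; return (results, stored records)."""
    store = FormTokenStore()
    sent = store.token                         # token embedded in the rendered form
    gate = threading.Barrier(2)
    handler = getattr(store, handler_name)
    results = []
    threads = [
        threading.Thread(
            target=lambda: results.append(handler(sent, "constructed title", gate)))
        for _ in range(2)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results), store.records
```

In a real application the critical section would be a database transaction or a unique constraint on a per-form nonce rather than an in-process lock.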

