Active
Project:
Pay
Version:
6.x-1.1
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
13 Jun 2011 at 23:44 UTC
Updated:
30 Mar 2012 at 15:21 UTC
I was wondering if the Pay module offers any protection against double clicking (leading to duplicate transactions). Looking at form_submit() in includes/handlers/pay_form.inc I can see it unsets $form_state['rebuild'] and $form_state['storage'] but not entirely sure if that is a double-click prevention method or not, is it?
Comments
Comment #1
yeagermiester commented@stella
At least in practice, our implementation is vulnerable to double-clicking. We've had to do one refund already after having been in production for a week.
Comment #2
pillarsdotnet commentedCould set a session variable in the form and check/clear it on submit.