Given that a customer can register for a website, entering basic personal info, email, and selecting a desired widget (we'll call it a widget, for arguments' sake). customer then proceeds to next step of registration, entering payment info.
The customer sees that they entered some info incorrectly on the first page, and uses their browser's 'back' button to go back and change the bad info, then submit again.
This creates a duplicate registration in the system, since the system does not know the customer has already registered moments ago.
Now, the registration system is set up in such a way that it tries to pass around the user's reg info to avoid this kind of duplication, and handles fine when using the in-page 'back' button, but that browser 'back' button can be a hassle as it causes the user to resubmit the form from a cached copy as through they had not submitted it once already.
A couple options I've thought of: scan the DB for 5 key fields (say, first last email zip and widgetID) and call it a dupe if any 4 match... same as above but weight email higher than the other fields cookie the user upon customer record generation and use this cookie as the flag throw a js flag on submission that tells the form it's already been submitted, so subsequent submissions at least know that they're dupes already (and can loosen the guidelines for dupe matching) set an encrypted 'reqID' unique to each request, store this reqID in the generated record, and look up the reqID to see if the incoming request has already been handled.
Of all of these, cookies sound the easiest and most probable, but is potentially ineffective in the case that a cookie is not set/read properly... We're trying not to rely on any browser-side capability for this -- a little pre-check with the cookie and/or JS is fine, but I need a semi-bulletproof way to do this all on the back end, purely by analyzing the input.
Seems like the reqID would work, but involves generating and recording essentially useless info to the DB purely for the purpose of dupe-checking submissions... there has *got* to be a better way...
I *KNOW* this is something many developers face... any simple answers or clever tricks? Any feedback appreciated.
You could try and avoid this from happening in the first place by giving the user a confirmation page showing what they have entered, only once the user clicks the "confirm" button will they be registered.
Secondly to avoid duplication registrations, apart from using cookies you could use a session variable, create a customer class, and store it in the session. When the submit button is clicked, check the session variable, if it is null you register the customer and set the session variable to the registered customer. Otherwise if the session variable is not null it means the customer has already registered.
Ask the customer to pick a user ID (i.e. a login) on the first page. Once they have submitted the form for the first and the user ID got written to the database, you have the unique key.
On many sites, the email address is used as the user ID. E.g. Amazon.com. It is unlikely that an email address is shared among multiple users.