sonesay 7 Report post Posted May 18, 2008 (edited) Is there a way to create a session variable that expires after a set time e.g 15 seconds or so users hitting reload or trying to submit twice wont be able to. I've disabled my comments function on my site at the moment until I find a solution. I would rather not use javascript as PHP code would be more transparent I think. Any ideas?edit: I forgot to add the whole process is in one page so I have the form action unset so it submits to its containing file. I would like to keep this structure. I know having it submit to a new file and redirecting back would remove the double post and reload problem but I'm looking for an alternative solution. Edited May 18, 2008 by sonesay (see edit history) Share this post Link to post Share on other sites
rvalkass 5 Report post Posted May 18, 2008 The easiest way would be to store a timestamp in the session variable. Then, check that timestamp against the current time. If it has existed for more than 15 seconds, unset the session variable. Use the time() function to get the UNIX timestamp, then you can do something like: if( (time() - $_SESSION['creation_time']) >= 15 ){ session_unset();} Is that the sort of thing you need? Share this post Link to post Share on other sites
sonesay 7 Report post Posted May 18, 2008 (edited) Yeah something like that. I'll give it a go and update.update: $enabled_comment = true;if(isset($_SESSION['msg_creation_time'])){ if(time() - $_SESSION['msg_creation_time'] <= 15) { $enabled_comment = false; }} Thanks for the example, I am using the above code and it works fine. Is there a way for PHP to destroy posted variables? Reloading page after the 15 seconds stills makes double posting possible but at least there is some flooding protection. Edited May 18, 2008 by sonesay (see edit history) Share this post Link to post Share on other sites
truefusion 3 Report post Posted May 18, 2008 Why not just have the PHP script search the database for the same input and deny it if a match is found? I've seen, i think it was, the WordPress comment script do this. Share this post Link to post Share on other sites
sonesay 7 Report post Posted May 18, 2008 I sort of didn't want to go that route since I didn't want to do the queries required to try and match existing post to new ones being submitted. I found out using header() direct to redirect to the same page is possible you just need to track the URL and it will clear post vars without the user knowing. Share this post Link to post Share on other sites
iGuest 3 Report post Posted March 5, 2010 Vitiligo Treatment, VTManage Double Posting In PhpDefeat Vitiligo with our natural treatment. Try and buy Cure Vitiligo Oil, a Natural Vitiligo Treatment for Quick Repigmentation. Our medically proven Vitiligo Remedy will make you live your life all over again.-reply by Maria Share this post Link to post Share on other sites