C# - If user refreshes page after inserting a record, a duplicate record is created. How can I prevent this?

Question

This is true with any other functionality present on the page. I don't want the last event that happened before post back to happen again.

Answer 1

A simple way is to use javascript to disable the button when the users click it.

A way I use to avoid refreshes when high security is needed, is the use of a small "token" in session. Let's say, we put a small 32 bit integer in our session.

The page will contain an hidden input containing our small integer token. Each time we receive the page request, we increment that token by one, and, before doing so, we check for equality with the one received in the request.

If they match, it is not a refresh. If they don't match, it is a refresh.

This will also block attempt to do back and next with browser buttons.

Of course at the point that token don't matches, the page should change or you'll have again the refresh problem. It should show something like "hey, refresh back or next not allowed, press here to continue".

For increased security, you can xor that integer with a costant value dependant for example on some other value that is constant in session.

Answer 2

I believe you should take a look at the PRG Pattern (Post/Redirect/Get)

Post/Redirect/Get (PRG) is a common design pattern for web developers to help avoid certain duplicate form submissions and allow user agents to behave more intuitively with bookmarks and the refresh button

In ASP.NET:

1. POST - Submit button click causes HTTP POST
2. REDIRECT + GET - HttpResponse.Redirect()

MSDN, Redirecting Users to Another Page

In server code, you can programmatically redirect by calling the Redirect method. The method sends a command to the user's browser that causes the browser to issue an HTTP GET command for the target page.

Few important notes regarding PRG pattern:

!!! The PRG pattern cannot address every scenario of duplicate form submission. Some known duplicate form submissions that PRG cannot solve are:

• if a web user goes back to the web form and resubmits it.
• if a web user clicks a submission button multiple times before the server response loads (may be prevented by using JavaScript to disable the button after the first click).
• if a web user refreshes before the initial submission has completed because of server lag, resulting in a duplicate HTTP POST request in certain user agents.
• if a malicious web user submits the form twice despite client-side safeguards and typical browser behavior.

Answer 3

This is about PRG. The simple way to avoid this is redirect user to same page again:

Page: Update.aspx

void btnUpdate_click(object sender, EventArgs e){
    // do your update here
    Response.Redirect("Update.aspx");
}

This will create a redirect-header in Resoinse and browser will create a GET request to Update.aspx page. And if the User refresh the page, a GET will be sent. Look:

1. User submit the form : POST
2. Server do updates, return a redirect-header
3. Browser receives the response as a redirect-command : REDIRECT
4. Browser sends a GET request for same page to server : GET
5. Browser receives the response answered by a GET
6. If user refreshes the page: Browsers last command was GET, so will not fires a submit again

Answer 4

you can check already exist condition before inserting record in Database.

like in stored procedure you can check

if not exists (select id from table where column name ='test' ) begin inser statement.. end

Answer 5

You should learn about the PRG (Post/Redirect/Get) pattern:

Post/Redirect/Get (PRG) is a common design pattern for web developers to help avoid certain duplicate form submissions and allow user agents to behave more intuitively with bookmarks and the refresh button.

Source: http://en.wikipedia.org/wiki/Post/Redirect/Get

Basically you'll want to redirect via a GET request after the user has done a POST.