-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed 2007-04-25 21:00:54 -0400, Paul Lesniewski wrote:
> If there are three hits in the web log as you've shown, I think
> there is not much chance it'd be a SM problem. The request *did*
> appear to actually come three times. Unless there were some other
> page requests from the user's IP address in between that explain it,
> I'd focus on what might be wrong with her browser or her use of the
> application.
In general, i agree with Paul here: there's probably something wrong
with the browser. This is not the first case i've heard of where a
squirrelmail user claims to have submitted a message once and it
triggered multiple POSTs to the server. [0] suggests that that Safari
possibly has a poorly-implemented "back" button.
But there's also a long history of webapp designers working
around/accomodating broken web browsers for the benefit of users.
Accepting multiple totally identical, complicated POST requests in a
row is something that squirrelmail (or any other webapp) can decide to
do or not do. There are numerous ways that a webapp could handle this
more gracefully. For example, a session cookie that is modified
per-POST would make it easy for SM to reject "oops i clicked the
button twice" mistakes (though it might have problems with some
concurrent access browsing patterns that are starting to crop up with
tabbed browsers). Another strategy would be to simply make a decent
hash of each incoming complex POST request (e.g. a POST which sends
out an e-mail) from a given user: hash the entire POSTed data, slap a
timestamp and userid on it, and throw it in a cache. When a new POST
happens of the same category, check if the same hash has been stored
recently. If it has, pragmatically reject the new POST with a clear
error message.
Anyway, while i don't think squirrelmail is at fault here, i do think
that there are ways squirrelmail could handle the situation more
robustly. Cleaning up after others is never fun, but it seems like
that's what webapp implementation is about these days :/
Regards,
--dkg
[0] https://docs.astro.columbia.edu/ticket/163
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFGMAcgiXTlFKVLY2URAnYSAJ933LSuvF7Y5Ute7NQEO8KXvbJWhQCg37ZN
yIo86FoS9ZAKWRI373J2IAY=
=8gBr
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
