Making a post URL one-time-only or "single use URL"

[johnnycab]

I have a website where you can comment on photos. Let's say the URL to comment on photo 34 is:

www.website.com/post/comment?id=34&text=test+message.

This works great, except...if I put that URL into a new window, and hit f5 to refresh the page 30 times, the comment will get posted 30 times.

How can I make a "single use URL"?

 

[FResher]

Hello !

you can use a single 'hash' provided by a random number.
the 'unix time' is a good way to achieve, both in the db as 'time clue', and to build the 'hash' and for security, it's one more tool.

It's just one more var in your request string to build.
http://www.website.com/post/comment?id=34&text=test+message&hash=654654654654 <- ( unix time or hash of unix time )
so in your code, if the hash, and the message are already in the DB, you don't add it twice.

1 - the user send a message
2 - message is insert in the db with a 'unix time' column

========================

if a user 'refresh' or flood the request :
3 - you check for the user, the message , and the 'unix time' ( hashed or not by the way )
if already in the db : do nothing
if not in db : add the new message



to comment about 'refresh' , it's a "common action" from users, often not an attempt ( to flood )