Originally posted by Shawn Bayern:
I tend to prefer server-side solutions for problems like this.
Definitely. We've discussed the client-side (disable the submit button) solution before, and it's possible to lock the user out of performing any action in some cases.
The server-side token is much cleaner.
I seem to remember
Struts having something like this (ie tokens) built in. Anyone seen or used them?