This week's book giveaway is in the Testing forum. We're giving away four copies of The Way of the Web Tester: A Beginner's Guide to Automating Tests and have Jonathan Rasmusson on-line! See this thread for details.
What is the best practice on using isTokenValid()? Does one use if for all form posts to check for duplicate or only on those that issue a transaction like Save or Update? In other words does a search need to use the token checking on form post?
Never be satisfied with anything less than the best and you will surely pass the test...
posted 10 years ago
I say there's no point in dealing with the overhead of tokens in situations where it doesn't really matter if the user submits twice. In a search, there's no real harm done if there's a double submit.