Time Wasted

[kingandy]

Just spent two hours trying to track down what appeared to be a perculiar coldfusion error - Paul had noticed certain pages on our server were apparently executing twice, thus spooning the data in the database. There was some hint of other people on the intereweb encountering this same error, lending credence to the "Coldfusion fault" theory. We tried the page in question on different servers. We tried stripping out the superfluous code, leaving only a single, simple statement. We created a dummy page, with only a single statement, in an entirely unrelated application with no commonalities whatsoever. Through all this, the double submission persisted.

Then I created a dummy page, with a single statement, and it did not happen. The information was only inserted once. At this I scratched my head, and tried to look for differences between my page and his. There were none. Commonalities between playground and live server? Very few, all discounted. There was much headscratching.

Then Paul took a look at my dummy page, and announced that it was loading the page twice.

A moment's pause. A brief experiment, invoving both of us looking at that page moments apart. The thought occurs that perhaps the common element here is, in fact, Paul's computer.

Specifically, Paul's web browser.

Paul had the Navibar extension installed in Firefox. Which, as intended, was re-loading each page after Paul visited it with the purpose of building a sitemap.

D'oh!

[EDIT: "submitting" changed to "executing". For correctness.]

Comments

[stsquad.livejournal.com]

Hmm, thats bad design. Doesn't firefox gaurd about things like this with POST data when you hit the back button warning about odd effects? Sounds like Navibar should do the same.

[kingandy]

Ah - to clarify, it's less "submit" than "request". I'll change that.

And yes, I think when he tried it with a form - registering a new customer - it only happened twice. So presumably with the second request it error'd due to not having the form variables, or something.

[stsquad.livejournal.com]

submit vs request? Are you using POST or GET?

[kingandy]

No. It was a straight HTTP request.

[paulgregory.livejournal.com]

There was some hint of other people on the intereweb encountering this same error, lending credence to the "Coldfusion fault" theory.

There are of course other scenarios where a browser will (stupidly) load a page twice. (I'm surprised Navibar has to reload the page just to get at the link rel="sitemap" bit.) "Print" often does it. Also tab session crashing / restoring probably does it. So it's still worth fixing.

My preferred solution is to have the request go to pagethatsavessomething?value=value, but then that page redirects to pagethatdisplaysstuff which can happily be reloaded. Another solution where appropriate is "change some sort of session variable when done"/"check session variable to see if this has been done".

[kingandy]

I have noticed (I think) that Firefox generates "View Source" code by re-requesting the page. Quite annoying, really.

[paulgregory.livejournal.com]

I have experienced that in the past. If I remember right it's one of the reasons I installed HTML Validator. A quick check of 1.5 in v-Anne-illa mode (doing view source on http://www.timeanddate.com/worldclock and seeing if the seconds change) appears to shows that it no longer does it. Yay.

[stsquad.livejournal.com]

And that page request alters a database?

The W3C says anything that changes a backend should be done via POST. Anything that gets a static view (i.e. should bring the same page back twice) can be handled by GET (i.e. encoded parameters in the URL). I wonder what Navibar would do with a POST request.

[kingandy]

I'm not sure what the original purpose of the script was, now you come to mention it. The HTTP request was for testing purposes, after he'd noticed the double-update elsewhere ... it may well have initially been a form submission. Maybe Navibar's just horribly unsecure, and duplicates your POST data...

[blufive.livejournal.com]

Some versions of Moz used to do that, but it was fixed long ago (Bug 40867 I believe).

As stsquad pointed out above, GET requests which actually affect state on the server are Considered Harmful. That said, there's all sorts of Web 2.0-type stuff which ignores that rule, and gets bitten grand-stylee by assorted automated spiders/tools as a result. IIRC, there was a hoo-hah last year when people discovered that having some popular web tool installed when you visited (GMail? maybe something else) nuked swathes of your data as it automagically fetched every link on the page, including the "delete" links...

It's also worth noting that there's an obscure bug in Moz-flavoured browsers which can lead to them double-submitting GET requests (Bug 236858) but you've really got to be working to hit that (vicious cache-control headers, plus mis-matched content-type headers)

[paulgregory.livejournal.com]

Judging by the comments, Navibar orginally looked in a standard place for a sitemap, and extracting a URL from the page source is an afterthought without much thought. This would mean earlier versions of Navibar didn't do any double-loading which would make it less obvious as the culprit.

Presumably the Navibar programmer found some FF hook for obtain-contents-of-url and used that in place of obtain-contents-of-current-webpage. The get request querystring is usually in with the URL, so it's more likely for those to get passed through; particularly as ?uid=32 might possibly throw up a different sitemap to the url without. I actually doubt the Navibar programmer thought "ah it doesn't matter that I needlessly reload this page, because the W3C have decreed X".

Someone should tell the Navibar guy his code needs revising.

It has highlighted an issue in your code, but at certain development stages it's often handier to use GET rather than POST and to be able to repeat a request so I assume it was something on your to-do list anyway.

Another possible solution - if you don't have an rdf sitemap, perhaps bunging a simple one in would stop Navibar trying to find one on every page load??