If you want a better server-side solution, you could try employing mandatory idempotency tokens in the request payload. The concept is simple: either have the server give the client an idempotency token as part of the page load, or have the client request one at some point, or have it be something that can be generated on the client side (nonce style) and send it with the request. The server can then validate, using some strongly consistent system, that it has not received any requests in a certain window of time with that token. (Or, possibly, react with the existing response.)<p>This has an additional benefit that even methods like PUT do not: it works no matter how many layers of your stack might have retry behavior (properly or improperly) and enables safe retry even when you can’t be sure if the request went through or not. The primary downside is that it introduces a single point of failure, though you could theoretically shard it by some property of the request such as the session key/user id/IP address. Still desirable if you have something you really don’t want to repeat, like a transaction. (Probably would be wise to <i>also</i> make those multiple stage, but nonetheless.)<p>Goes without saying you should definitely still mitigate this on the client side by updating the UI state if JavaScript is available.
Interestingly, the only persons I've ever seen doubleclicking in the web are from my parent generation (>60, >70 years old).<p>Also since 2015 the mobile adaption increased more and more. On mobile devices, the "double tap" concept never was very important, I think (at least not in the web context).<p>Therefore my feeling is that this issue is mostly a thing from the past.<p>Nevertheless I sometimes see forms which implement this "disable after submission" principle. Especially when it's about money, such as when booking a hotel or flight, etc.
I've actually heard people verbally use the word "doubleclick" to mean explore. For example, someone in a meeting might mention some idea. Then my colleague would say "let's doubleclick on that for a minute".
I don’t feel like I double click much at all in Windows and macOS nowadays at all.<p>Literally only to open a file from finder, which I use in column mode so navigating is single clicking.
This is something I usually take care of by throttling the relevant event listeners (in an AJAXed site) but the way this article puts it makes me wonder if this is as easy as globally disabling double clicks on links and buttons:<p><pre><code> document.addEventListener('dblclick', event => {
if (event.target.closest('a, input, button'))
event.preventDefault()
})</code></pre>
If the client-side solution is so simple, what's the problem? There are many things on the web where, if given a clean slate, it would be nice to change the default behavior. This doesn't seem to rise to the top of that list.
The proposed solution (an HTML attribute to 'allow' double-click submissions of <form>s) is backwards from how the standard would be updated.<p>The proposal should instead be for an attribute that <i>prevents</i> double-clicks, because that way browsers that have not implemented it still behave correctly. Additionally, you don't "break userspace" for millions of forms online that no longer work as the developer intended.<p>However, I'm skeptical that we need to encode this at all into the standard, since setting the `disabled` attribute on the submission button after submission is pretty much test case #0 of any serious online form development.<p>Amusingly, things have gotten a lot better since 2015 when this was written. That blob of JQuery is now replaced with binding the `disabled` attribute to `isSubmitted` state on your React-based webform. An interesting glimpse into the web-that-used-to-be.
Similar problem occurs with the Windows task bar and Mac dock.<p>I've seen new users in particular double click to open.<p>Then, since the machine is so busy, nothing happens for a bit.<p>Concerned, the user then double clicks again. At this point they start to despair or curse.
Another way this _could_ be solved is to allow HTML authors to use idempotent HTTP methods like PUT.<p>Sadly, it doesn't seem browser vendors are very interested to support this.
> What if a double-click is blocked by default<p>I agree this would be a more sensible behavior for form submission, but given that ship has long since sailed: <a href="https://xkcd.com/1172/" rel="nofollow">https://xkcd.com/1172/</a>