They should do what Reddit does and by default make a 5 second rate limit of sending posts and comments, the first one gets accepted, the next ones get rejected within the 5 second ratelimit.
I’ve seen this concept called idempotency tokens. I thought it was common but a quick search didn’t find any articles on it so maybe the name is not that common.
It doesn’t solve the problem of your comment request timing out after waiting 30 seconds in a spotty mobile connection. Now that it timed out, you don’t know if it was actually posted or not. A proper API would not post duplicate comments in response to retries of a request that already succeeded (without the client knowing).
They should do what Reddit does and by default make a 5 second rate limit of sending posts and comments, the first one gets accepted, the next ones get rejected within the 5 second ratelimit.
Another popular solution I see is to have the client generate a UUID when posting. Then the server can very easily tell if a request is a duplicate.
I’ve seen this concept called idempotency tokens. I thought it was common but a quick search didn’t find any articles on it so maybe the name is not that common.
Nonce, maybe?
Nonce is the opposite. It’s never supposed to be used more than once, right?
Yeah, that’s the proper fix.
It doesn’t solve the problem of your comment request timing out after waiting 30 seconds in a spotty mobile connection. Now that it timed out, you don’t know if it was actually posted or not. A proper API would not post duplicate comments in response to retries of a request that already succeeded (without the client knowing).
That’s a good point, I like @[email protected] solution better. Make the request have it’s own identifier and if one goes through disregard the rest.