Session Filter

Thanks for the feedback Peter.

Unfortunately the site that is causing the problems is external (third party to our client) and at present I have no way to force them to clean up their code.

The problem here is that the end user could, in theory, end up being charged multiple times which is why I am looking for a way to discard subsequent attempts during a limited time period.

I think worst case reported so far was 100 duplicate transactions in 1 second - which does sound rather like an attack doesnt it!

Another option may be to "cache" the other 99 requests and send back the same reponse to each of them once the first has completed the transaction but I am not sure that would be very clean either.

What do you think would be the lesser evil?

Thanks

Matt