cms
cms copied to clipboard
Double-click on register form creates multiple users with the same email address
Description
We noticed some duplicate user accounts appearing that were being created at the same time and managed to have the same email address.
If I use our public registration form to create a new account using an email address that already exists, the form validation returns false and I'm told a user already exists with that email.
However, if I try to create a new account using an email address that doesn't exist, and I double click the form's submit button, two accounts are created.
The only other Github issue I've found that might be related is #9835
Steps to reproduce
- Follow the steps in this knowledge base guide to allow public registrations and create a frontend registration form
- Double-click the form's submit button to submit the form twice successively
Additional info
- Craft version: 3.7.35
- PHP version: 7.4.26
- Database driver & version: mysql 5.7
@jamiepittock I think I have this sorted here: can you give it a try by requiring this in your composer.json and running update?
"craftcms/cms": "dev-develop as 3.7.36"
Thanks @timkelty, that's fixed it locally 👍
@brandonkelly will this fix be in a release today?
@jamiepittock Not sure when the next release will be, sorry. This is currently the only meaningful change on develop
, so should be completely safe to just deploy with composer.lock
set to dev-develop
.
@timkelty @brandonkelly I'm sorry, I've just pushed dev-develop to both our staging and production sites and this issue is still there.
Locally I've managed to produce the issue once. I'm not sure why I've got this inconsistency locally...possibly my development environment is slower so it's not catching it??
Screenshots below of users. The second screenshot was a user created via the CP. For some reason I can reproduce it every time using our public registration form, but not every time creating new users via the control panel.
FWIW I've got a remote development environment set up with a fresh install of Craft using dev-develop
where I can reproduce this issue. I can send you access via a pro support ticket if it helps.
@jamiepittock in my testing, I also noticed that it was only reproducible with a new session. After it happened once, it wouldn't again until I closed/reopened browser window.
So, it seems we're dealing with a race condition where the slightest of conditions throws it off.
While we work to resolve, it's worth noting that this can also be addressed with a tiny bit of javascript. Adding a lick handler on your submit button that disables the button would prevent a double click.
That said – it should also be accounted for on the backend, but the best solution is probably to have both in place so your double-click users don't get "email already taken" errors.
I can send you access via a pro support ticket if it helps.
@jamiepittock That would be lovely!
Craft 3.7.37 is out with the original fix.