Quick way to tell whether your web app is not idempotent: You use a client-side mechanism to disable (or otherwise obstruct) a submit button once it's been clicked because the same transaction can't be allowed to be submitted more than once. If a transaction can be processed more than once - irrespective of what's happening in the client - the implementation isn't idempotent and is still capable of processing the same thing more than once. It's increasingly rare to see this kind of thing in the wild, but it's still out there.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Quick way to tell whether your web app is not idempotent: You use a client-side mechanism to disable (or otherwise obstruct) a submit button once it's been clicked because the same transaction can't be allowed to be submitted more than once. If a transaction can be processed more than once - irrespective of what's happening in the client - the implementation isn't idempotent and is still capable of processing the same thing more than once. It's increasingly rare to see this kind of thing in the wild, but it's still out there.