How to protect Laravel reset password from multiple fast clicks

1. Problem

During implementing user registration and user activation process in Laravel, I encountered a problem!

If the user clicks fast multiple times on the reset password button or the resend activation code button, he gets lots of emails at the same time.

This can happen due to two scenarios:

1. User is so stupid and wants to do something silly with our app or misuse!
2. There is a real user but the server is slow at that time and after the first click the user thinks “he may not have submitted the form” and click the button again and again!

Even I checked it in spark and tried to reset my password with multiple fast clicks. It seems having the same problem!

2. Solution

One solution is to disable the button at the front-end via javascript, just after the first click. Maybe it seems to be enough but I want to find a server-side solution!

When a reset password link is requested, a record in the password_resets table will be generated. If the user uses the reset link (sent to his email), the record will be deleted. If the user does not use the link but continues to request the password reset, the record will be deleted and created again.

So I targeted the ForgotPasswordController and inserted in it the sendResetLinkEmail() getting from the SendsPasswordResetEmails trait.

I modified sendResetLinkEmail(Request $request) as follows to consider the time period between each two consecutive requests.

In sendResetLinkEmail(Request $request) just after :


I put these logics:

and did not change anything else. Meanwhile, I set 60 seconds as the interval time for two accepted requests. You can change it as you prefer.

To improve the solution, it is better to bring more generic, middleware based solution to prevent a single form from being submitted multiple times.

I intend to share my experience relating to Laravel framework. Any suggestions for a better solution is most welcome.

Thank you for reading! If you enjoyed this article clap it !

Also I’d like to hear your opinion on this article. If you have any doubt, question or suggestion please leave a comment below.

Have a very wonderful day!




Posting about Python and Laravel

Love podcasts or audiobooks? Learn on the go with our new app.

What is Informatica Architecture?

How to Create CI/CD Pipeline using Devops Tools ? 🧠 🧠 🧠

My time at NEORT

Moving from Goal Setters to System Builders

The definitive guide on writing a SPI communications protocol for STM32

Running a FIFO Cloud on OVH Dedicated Servers

1,000 engineering tickets in Notion

AIR Android Splash Screens

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Posting about Python and Laravel

More from Medium

Laravel Telescope

Laravel Tutorial ~ Laravel Eloquent Relationships

Carbon Add Years To Date In Laravel

Detailed Guide on Laravel Development Proces