Duplicate Records Created
Multiple identical records are created from a single user action — because the submit button can be clicked more than once before the first response arrives, the API is not idempotent (retrying creates a new record each time), or a background job processes the same message more than once with no deduplication.
High | Intermediate | API testing | Manual testing | Automated testing
// UNDERSTAND
// Symptoms
- Two or more identical records appear in the database or list view after one user action
- Submitting a form once, pressing the browser back button, and then resubmitting creates a second entry
- An order or payment record appears twice after a network timeout caused the client to retry
- A background job produces duplicate entries when a message is processed more than once
// Root Cause
- The submit button is not disabled after the first click, allowing multiple POST requests before the first response is received
- The API endpoint is not idempotent — retrying the same request body creates a new record each time instead of returning the existing one
- No database unique constraint backs up the API: a constraint would reject the second write even when the API attempts a duplicate, and its absence means duplicates are persisted silently
- A background queue uses at-least-once delivery semantics, and the consumer does not deduplicate messages before processing, producing duplicate records from the same event
// Where It Appears
- Order submission and checkout forms
- User registration and account creation
- Contact form and support ticket submission
- Background jobs that process events from a message queue
- Payment retries with no idempotency key
// REPRODUCE & TEST
// How to Reproduce
- 01 Navigate to a form or endpoint that creates a new record (e.g. POST /api/orders)
- 02 Prepare a valid request body with identifiable content (e.g. a unique note field)
- 03 Submit the request twice in rapid succession — double-click the button in the UI, or send the same POST twice using Postman without changing the body
- 04 Wait for both requests to complete
- 05 Retrieve the list of records via GET /api/orders and search for entries matching the submitted data
- 06 Confirm whether two identical records were created
// Test Data Needed
- Access to the form or API endpoint
- A way to submit the same request twice quickly (Postman, double-click in browser, or curl run twice)
- Access to the resulting list of records (UI list view or GET endpoint)
// Manual Testing Ideas
- Double-click the submit button rapidly and check whether two records appear in the list
- Submit the form, press the browser back button, and resubmit to see whether a duplicate is created
- Throttle the connection in DevTools to Slow 3G and submit; retry before the first response arrives
- Submit the same form with identical data twice and verify only one record is created
- Check server logs for a duplicate key constraint error, which signals the database itself caught a duplicate the API missed
- Test the retry path explicitly: send the same POST twice without an idempotency key and count the resulting records
// API Testing Ideas
- Construct a POST /api/orders body with a unique identifiable field (e.g. referenceNote: 'TEST-DEDUP-001')
- Send POST /api/orders with that body; record the created order ID from the response (e.g. ID: 100)
- Send the identical POST /api/orders request again immediately, without changing any field
- Record the order ID from the second response — a different ID indicates a duplicate was created
- Query GET /api/orders and filter client-side, or fetch by the IDs returned in both responses, to confirm two distinct order IDs now exist for the same data
- Assert exactly one order exists — two distinct IDs confirm the duplicate-records bug
// Automation Idea
Send two identical POST /api/orders requests in rapid succession with no delay and no idempotency key. After both complete, query the orders list filtered by the unique reference field and assert exactly one matching record exists. Extend the test to simulate a timeout by aborting the first request before receiving a response, then retrying with the same payload.
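An added example (not from the original page) of the check described above, run against a constructed in-memory stand-in for POST /api/orders instead of a real API. The naive handler reproduces the bug; the second handler deduplicates on a client-supplied idempotency key backed by a UNIQUE constraint. The class, function names, table layout and key value are assumptions made for illustration.

```python
import sqlite3

class OrderStore:
    """Constructed in-memory stand-in for the service behind POST /api/orders."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, "
            "reference_note TEXT, idem_key TEXT UNIQUE)")

    def create_naive(self, body, idem_key=None):
        # Buggy behaviour: the key is ignored and every POST inserts a new row.
        with self.db:
            cur = self.db.execute(
                "INSERT INTO orders (reference_note) VALUES (?)",
                (body["referenceNote"],))
        return 201, cur.lastrowid

    def create_idempotent(self, body, idem_key):
        # The UNIQUE constraint rejects the repeat; return the existing record.
        try:
            with self.db:
                cur = self.db.execute(
                    "INSERT INTO orders (reference_note, idem_key) VALUES (?, ?)",
                    (body["referenceNote"], idem_key))
            return 201, cur.lastrowid
        except sqlite3.IntegrityError:
            row = self.db.execute(
                "SELECT id FROM orders WHERE idem_key = ?", (idem_key,)).fetchone()
            return 200, row[0]

    def count(self, note):
        return self.db.execute(
            "SELECT COUNT(*) FROM orders WHERE reference_note = ?",
            (note,)).fetchone()[0]

def double_submit(handler_name):
    """Send the same body twice, then count records matching the reference."""
    store = OrderStore()
    body = {"referenceNote": "TEST-DEDUP-001"}   # unique, identifiable field
    handler = getattr(store, handler_name)
    responses = [handler(body, "constructed-key-1") for _ in range(2)]
    return responses, store.count(body["referenceNote"])

if __name__ == "__main__":
    for name in ("create_naive", "create_idempotent"):
        print(name, double_submit(name))
```

Against a real endpoint the same assertion applies: after the second submission, the count of records matching the reference field must be exactly one, and a repeated request should return the first response's ID.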
// Expected Result
Submitting the same request more than once creates only one record. Subsequent identical submissions return the existing record or an appropriate conflict response.
// Actual Result (Example)
Two identical POST /api/orders requests each return 201 Created with different order IDs, and the orders list shows two entries with the same data.
// REPORT IT
Example Bug Report
- Title
- Double-clicking the Place Order button creates two identical order records
- Severity
- High
- Environment
- Staging environment, Chrome 124, Standard user account with items in cart
- Steps to Reproduce
- 01 Add an item to the cart and proceed to the order confirmation page
- 02 Double-click the Place Order button in rapid succession
- 03 Wait for the page to finish processing
- 04 Navigate to the order history page or send GET /api/orders
- 05 Search for orders placed in the last minute and count matching entries
- Expected Result
- One order record is created.
- Actual Result
- Two identical order records appear in the order history, both with the same items, total, and timestamp.
- Impact
- Duplicate orders cause fulfilment of two shipments for one purchase, double inventory deductions, and customer confusion — with downstream financial and operational costs.