Also outs your report publicly, nice !
As someone who implement a Lemmy client it might be a client side problem. If the server is struggling you will time out when sending the comment. If the client side has any sort of retry logic it will send the comment again. This can cause the comment to be posted multiple times. There might be a bug on the server as well but I know for sure it can be caused by the client.
It’s what you are describing, and it’s not a client problem. It’s impossible for a client to solve. You can’t tell whether a timed out request succeeded or not.
Idempotent network requests are a standard feature of many APIs - sending the same request multiple times should result in only one action being performed, but Lemmy doesn’t support them yet.
So yes, it’s “caused” by retries, but the bug is that the backend doesn’t properly support retries. Clients don’t do anything wrong.
It could/should be handled by the server but it’s technically possible for the client to make due without it. You would need to handle it very carefully. For instance on timeouts, you can issue a get request to see if the comment posted. If it did then you do not issue another post.
They should do what Reddit does and by default make a 5 second rate limit of sending posts and comments, the first one gets accepted, the next ones get rejected within the 5 second ratelimit.
Another popular solution I see is to have the client generate a UUID when posting. Then the server can very easily tell if a request is a duplicate.
I’ve seen this concept called idempotency tokens. I thought it was common but a quick search didn’t find any articles on it so maybe the name is not that common.
It doesn’t solve the problem of your comment request timing out after waiting 30 seconds in a spotty mobile connection. Now that it timed out, you don’t know if it was actually posted or not. A proper API would not post duplicate comments in response to retries of a request that already succeeded (without the client knowing).
That’s a good point, I like @idunnololz@lemmy.world solution better. Make the request have it’s own identifier and if one goes through disregard the rest.