Client side, start with JavaScript. You can never trust the client, but its a start.
i.e.
onclick="this.disabled=true,this.form.submit();
Server side you 'could' insert something into a database i.e. a checksum. If its a records you are insert into a database use model.objects.get_or_create()
to force the uniqueness on database level you should use unique_together.
Lastly: HTTPRedirect is best, The the method I use when a user processes a payment is to just issue a HTTPRedirect() to the thank you/conformation page. This way refreshing the form won't resubmit and if they go back and try to submit the form again (without refreshing the form) the Django Cross Site Request Forgery (CSRF) will fail, perfect!
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…