not sure how they could be posted multiple times? when you press submit on a form, the action="" takes effect and you go to a new page.. unless users browser is not responding/slow and they keep having to press submit multiple times OR are not using FORMS at all (through programming)... not sure how you would test to see which scenario is being played..

have you got CSRF token?

There is a short delay before the page is redirected, and I can click submit multiple times during this time. A user can easily double click the button while it is loading.

Yes, I'm using Blade's form and it generates a token automatically. I also do a before => csrf check for the store method as I'm using resource controllers.

It is not an issue specific to php.

I just disable the submit button when it is first clicked with Javascript

Is there a way to do this on the server side as well? If the user has Javascript turned off, wouldn't they be able to submit multiple times then?

Try adding a hidden filed with a random string or date and check if it was submitted multiple times within a certain amount of time from a certain ip or something like that...