jsfeng/StrutsPreventDoubleSubmit.md

Created May 3, 2012 14:15

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jsfeng/2585923.js"></script>
Save jsfeng/2585923 to your computer and use it in GitHub Desktop.

Download ZIP

Struts Prevent Double Submission

Raw

StrutsPreventDoubleSubmit.md

On initial request:

Call saveToken(request) in your Action class
Forward to the JSP displaying the form.

On form submit:

Have the Action check if isTokenValid(request)
If true, process request then call resetToken(); otherwise, we're dealing with a double-submit and will skip processing it.

What's happening under the hood:

Struts will generate a unique value (the token) and keep it in the session context
When the JSP is rendered, Struts inserts the token as a hidden field
The hidden field token is submitted along with the rest of the form and isValidToken() checks the value that came in with the current request against the value that was saved in the session context by the most recent saveToken() call. If the two token values match, the submission is valid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment