The way to handle this is that you have to generate a token and stick it
into the session when you generate the form. At the same time this token is
present in the form as a hidden field. Upon submission and successful
processing you remove the token from the session. When you check the token
that comes across in the form has to be the same as the one in the session
to be considered a "first submission" anything else is considered a
duplicate and therefore invalid submission.
What other ways are used to handle this scenario?
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lenin Lopez
> Sent: Monday, May 07, 2001 5:34 PM
> To: [EMAIL PROTECTED]
> Subject: How can I expire a JSP FORM
>
>
> Hi ALL,
>
> Basic question,
> How can I expire a file (JSP) that has a form so the user does not have
> the oprions to click the back button and resubmit the form
> thanks
>
> ==================================================================
> =========
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set
> JSP-INTEREST DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
