Re: [OS-webwork] Hidden token

Thu, 16 Jan 2003 14:44:34 -0800

The way this is typically done is that as the form is generated a token is placed into
the session and a hidden field is generated that matches this token. When the action
is executed it is valid when the two tokens match. After the first execution the session
token is removed. Therefore on subsequent tokens you have a scenario where by
the hidden field is still coming across in the request but the session token isn't there hence
you know that's an invalid submit.

On Wednesday, January 15, 2003, at 09:04 PM, Jason Carreira wrote:

Hi all,

In our evaluation of Struts vs. Webwork, I was asked about the ability
to do hidden tokens on WW built forms and URLs. Struts apparently, in
their form and link tags, have the possibility of (optionally) adding a
hidden token (either as a hidden form field, or through URL rewriting),
which can keep the user from clicking twice and executing your action
twice. I don't remember seeing anything like this in WW, although my
take is that this would be easy enough to add to the URLTag. Also, is
there a ui:form tag? I'm not sure what all got added.

I remember Rickard was talking about something to prevent 2 submits, but
I'm not sure what it was...

Thoughts? Would this be something good to add (given that it would be
optional and not break anybodies existing code)?

Jason

--
Jason Carreira
Technical Architect, Notiva Corp.
phone: 585.240.2793
fax: 585.272.8118
email: [EMAIL PROTECTED]
---
Notiva - optimizing trade relationships (tm)



-------------------------------------------------------
This SF.NET email is sponsored by: A Thawte Code Signing Certificate
is essential in establishing user confidence by providing assurance of
authenticity and code integrity. Download our Free Code Signing guide:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork

Reply via email to