Inside your form, you can create your own hidden field containing the token
(which is what the <html:form> tag does). This should work, although I
haven't tested it:
<input type="hidden"
name="<%= Constants.TOKEN_KEY %>"
value="<%= session.getAttribute(Action.TRANSACTION_TOKEN_KEY) %>" >
You'll need to remember to add the appropriate imports at the top of your
JSP too.
--
Martin Cooper
----- Original Message -----
From: "Tim Fox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 15, 2001 7:41 AM
Subject: RE: Examples of mutli-click prevention using struts tokens
> Thanks for your reply.
> What I really meant when I said I don't have an html:form, is that I do
have
> a
> <FORM> tag, just not a <html:form> tag, ie I'm not using the struts html
> taglib in my page (consequently I can't use the html:link tag either).
> Is there a method I can call to get the transaction token in a format that
> can be stuck in a query parameter? Then I can just do <a
> href="blah.go?something=<%=getToken()%>">click me</a> ???
>
> I'm still unsure of how to use saveToken(), resetToken(), and
> isTokenValid(), at what point in my web action do I place these calls (if
> any), and in what order?
>
>
>
>
>
>
>
> -----Original Message-----
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: 14 August 2001 17:05
> To: [EMAIL PROTECTED]
> Subject: Re: Examples of mutli-click prevention using struts tokens
>
>
> On Tue, 14 Aug 2001, Tim Fox wrote:
>
> > Anyone know of any examples of how to use the
> > saveToken(), resetToken(), and isTokenValid() methods - for prevention
of
> > submission of forms multiple times.
> > I can't find anything in the docs.
> > Specifically I want to be able to use them in the situation where I
> *don't*
> > have a <html:form> in my page - is this possible?
> > thanx in advance
> >
>
> If you don't have a form, then what you are trying to prevent is following
> the same hyperlink twice, right? In that case, you can tell the
> <html:link> tag to include the transaction control token like this:
>
> <html:link href="/foo.do" transaction="true"/>
>
> This will cause the token to be included on the hyperlink as a query
> parameter, so that you can check it with isTokenValid() in your action
> associated with path "/foo", just as if it came in on a form. Once you've
> validated that, the action can forward to whatever page you actually want
> to display.
>
> Craig
>
>
>
