I've got a question here. When you say somewhere in the Action, which action do you refer to? The action that catches the form, or the action that forwards control to the form?
Thanks
Jefferson

Ted Husted wrote:
> Not much to it really.
>
> Before forwarding to the form that needs to be part of the transaction,
> just call
>
> saveToken(request);
>
> somewhere in the Action.
>
> If the form the Action forwards to uses the Struts html:form tag, it
> will write out the token for you as a hidden field, so there's nothing
> new to do.
>
> On the Action that catches the form, call
>
> isTokenValid(request);
>
> If the token is not valid, branch to an error page.
>
> Otherwise, call resetToken(). If another copy of the form tries to
> submit it again, now isTokenValid() will return false.
>
> The token is a random number that gets stored in the user's session. A
> second copy is supposed to be stored in the request. If the session and
> request tokens are missing or are different, then the transaction is out
> of synch.
>
> saveToken() puts it into the request.
>
> The Struts tags write it out as a hidden field or parameter.
>
> resetToken() clears it from the request.
>
> Loop closed.
>
> The Core J2EE Patterns book covers this and a ton of other handy
> strategies and patterns. Highly recommended. See the Struts Resource
> page for a link.
>
> -- Ted Husted, Husted dot Com, Fairport NY US
> -- Developing Java Web Applications with Struts
> -- Tel: +1 585 737-3463
> -- Web: http://husted.com/about/services
>
> Daniel Jaffa wrote:
> >
> > Ok,
> > I have searched around and have not found much info on the following
> > classes
> > isTokenValid, saveToken, generateToken
> > I think that I could use these classes to help prevent someone from hitting
> > the back button issues.
> >
> > My question is has anybody used these and if so, could you provide me an
> > example.
> > (I saw an answer from Ted, where he explained it a little but I did not see
> > any example code)
> >
> > Thank You
> >
> > Daniel Jaffa

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
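
The two Actions described in Ted's reply, shown as an added example that is not part of the original thread and not the Struts project's own code. It assumes Struts 1.x with the `execute()` entry point; the class names and the forward names `form`, `duplicate` and `success` are hypothetical.

```java
// Added example. Assumes Struts 1.x with Action.execute(); class names and
// forward names ("form", "duplicate", "success") are hypothetical.

// ---- ShowOrderFormAction.java: the Action that forwards control to the form ----
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class ShowOrderFormAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        // Issue a fresh token before the form is rendered. A JSP that uses
        // the html:form tag then writes it out as a hidden field, so the
        // page itself needs no extra markup.
        saveToken(request);
        return mapping.findForward("form");
    }
}

// ---- SubmitOrderAction.java: the Action that catches the form (same imports) ----

public class SubmitOrderAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        // A missing or mismatched token means this copy of the form was
        // already submitted, or was never issued in this session.
        if (!isTokenValid(request)) {
            return mapping.findForward("duplicate");
        }
        // Consume the token first, so a resubmit of the same page (back
        // button, double click, replayed request) fails the check above.
        resetToken(request);
        // ... perform the one-time operation for this form here ...
        return mapping.findForward("success");
    }
}
```

The `form` forward must resolve to a page built with `html:form`, otherwise no hidden token field is emitted and every submit is rejected. Struts 1.1 and later also provide `isTokenValid(request, true)`, which checks and resets the token in a single call.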