I've resolved this type of problem by using a redirect instead. This way, if they refresh, they only refresh the current page (which should just render a view, not process any business logic).
It also depends on where you have your business logic. Regards, Mark *********** REPLY SEPARATOR *********** On 03/07/2003 at 12:25 AM Jeff Smith wrote: >I worry about users. I've been one. I know how unpredictable we can be. :-) > >Take this case. I have a struts app and I want users to be able to log in. Pretty >simple. In fact, it is probably the most common scenario implemented in samples and >tutorials. > >Being a good host, I like to keep track of my guests. So when my users log in, I want >to time-stamp them so I know how long they've been connected. > >My action-forward for login success takes me to a pretty page that gives my users >stats about their last logon (in case somebody is using their account without their >knowledge) and a bunch of other stuff. > >So they tend to sit on that page and read it for a while. > >Then (and here's the unpredictable user part) for some reason, they hit the refresh >button on their browser. Well, since they got here as an action forward from the >authentication sequence, the refresh resubmits all their logon credentials, the >system re-authenticates them and then takes them, finally, back to the page they've >been reading and refreshes it. And in that process, my login timestamp is stomped >with a newer one. > >Now, I have already figured out a few ways to short circuit the re-authentication >(like, don't authenticate a user who is already logged in.) But the question is, >where else could my users be inadvertently causing spurious recursions into >potentially costly sequences by ignorantly hitting the refresh button? I can imagine >that some of my action sequences might invoke some fairly expensive computations >before displaying the results. But do I *REALLY* want to recompute the whole thing >when my users hit refresh? In the case of rendering dynamic content, maybe I do. But >for transactional stuff like logging in, or submitting a credit card for >authentication, I probably don't want to re-compute on refresh. > >Am I the only one who worries about stuff like this? > >I want my site to be bullet proof, idiot proof and all-kinds-of-other-things-proof. >I'd be curious to know how other people handle this situation. > > >Jefficus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
