This is very interesting and something I never thought
about.
Only one call to the back-end will ever be made, since
the token will be invalid.
You should check the token before the populate maybe?
I think it is the populate that is screwing up things.
Another reason to use form fields for all front-end
fields and called a toDvo() and fromDvo() on it in the
action's (which will not be done twice).
sandeep
--- Carl Walker <[EMAIL PROTECTED]> wrote:
> You should use JavaScript to solve this.
>
> Here's a sample function.
>
> <script language="JavaScript">
>
> var bAlreadySubmitted = false;
> function isAlreadySubmitted()
> {
> if (document.forms[0].elements[14].style) {
>
>
document.forms[0].elements[14].style.visibility='hidden';
> }
>
> if (!bAlreadySubmitted)
> {
> bAlreadySubmitted = true;
> return true;
> }
>
> alert("Please don't submit more than
> once.");
> return false;
> }
>
> </script>
>
> And include this with your html:form
>
> <html:form method="POST"
> action='<%=
> (String)session.getAttribute("action") %>'
> onsubmit="return
> (validateForm(this))?isAlreadySubmitted():false" >
>
>
> David Gagnon wrote:
>
> >
> > > >It's up to your Action to call the token
> methods to
> > > >validate the token and
> > > >forward the user to an appropriate page.
> > > >
> > >
> > I know, maybe I wasn't clear enough .. sorry :-)
> > What I'm saying is that if you use a
> > session bean, the content is modified even though
> the
> > token is invalid.. I thinks this should not
> happen.
> >
> > I'm working on an intranet application and I'm
> using
> > session beans (Maybe I shouldn't). Right now if
> the
> > user does a double click. The first request
> passes
> > and the second request populates the bean while
> the
> > first request is been processed ... This is a
> little
> > race :-).
> >
> > I don't think Struts offers an easy way to avoid
> > this... maybe I'm wrong ...
> >
> > Thanks
> > /David
> >
> >
> >
> >
> > > David
> > > --- David Gagnon <[EMAIL PROTECTED]> wrote:
> > > > Hi all,
> > > >
> > > >
> > > > If you have a session bean and you are
> using
> > > the
> > > > token framework to protect yourself again
> > > multiple
> > > > submit...
> > > >
> > > >
> > > > Let say a request with a bad token is post to
> the
> > > > server. The bean will be populated right ...
> > > even
> > > > if
> > > > the token is not valid. Is struts offers
> support
> > > > to
> > > > check if a request contains a valid token
> prior
> > > to
> > > > populate the bean. For what I know you the
> > > sooner
> > > > you
> > > > can play with token in struts is in the reset
> > > > method
> > > > of the bean (It may not be the best place to
> play
> > > > with
> > > > token anyway...).
> > > >
> > > >
> > > > Is a request with a bad or no token should be
> > > > redirect
> > > > by the framework to a handler. Like it's
> done
> > > with
> > > > the Exception in Struts? I think there
> should
> > > have
> > > > a
> > > > way to avoid changing the server state on bad
> > > > request
> > > > ...
> > > >
> > > >
> > > > My guest is that you already know about all
> that
> > > > :-)
> > > > ... or that there is something to prevent
> this
> > > that
> > > > I'm not aware of.
> > > >
> > > >
> > > > Thanks for your help
> > > >
> > > >
> > > > /Dave
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > SBC Yahoo! DSL - Now only $29.95 per month!
> > > > http://sbc.yahoo.com
> > > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > SBC Yahoo! DSL - Now only $29.95 per month!
> > > http://sbc.yahoo.com
> >
> > __________________________________
> > Do you Yahoo!?
> > SBC Yahoo! DSL - Now only $29.95 per month!
> > http://sbc.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
