I like to use the combination of two. For data that is sensitive and should not be submitted twice, I use sync token and also a http redirect. For data that can be submitted twice, I just use the redirect.
For a casual user who accidentally tries to resubmit by pressing refresh, redirect should suffice. He will not get any error. However when the user is adamant and tries to back by using the browser history, sync token is needed. I havent found any problems with the fact that redirect makes an extra trip to the client. Cheers, Srikanth On Fri, 19 Sep 2003, Mohd Amin Mohd Din wrote: > Date: Fri, 19 Sep 2003 10:42:13 +0800 > From: Mohd Amin Mohd Din <[EMAIL PROTECTED]> > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]> > To: 'Struts Users Mailing List' <[EMAIL PROTECTED]> > Subject: RE: Refreshing Form Submission and Duplicates > > An easier way would be to do a redirect once submitting the form to > listing the page. > Redirect doesn't stop the user from pressing the back button (or working their way back the "Go" menu) and submitting the form again. Craig > -----Original Message----- > From: Shane Mingins [mailto:[EMAIL PROTECTED] > Sent: Friday, September 19, 2003 10:26 AM > To: 'Struts Users Mailing List' > Subject: RE: Refreshing Form Submission and Duplicates > > I noticed this the other day at http://husted.com/struts/catalog.html > > Use the Action Token methods to prevent duplicate submits > > There are methods built into the Struts action to generate one-use > tokens. A > token is placed in the session when a form is populated and also into > the > HTML form as a hidden property. When the form is returned, the token is > validated. If validation fails, then the form has already been > submitted, > and the user can be apprised. > > - saveToken(request) > - on the return trip, > isTokenValid(request) > resetToken(request) > > > I am not sure if that is of any help as I have yet to use it ... > although I > have just this minute found a case in my own application to do so ;-> > > Shane > > > > > -----Original Message----- > > From: John Reynolds [mailto:[EMAIL PROTECTED] > > Sent: Friday, 19 September 2003 2:16 p.m. > > To: [EMAIL PROTECTED] > > Subject: Refreshing Form Submission and Duplicates > > > > Hi, > > > > I have a question about a bug in my application using a Struts Form. > > This happens in multiple areas of my site, but the one example I will > > use is a Message Board feature. The problem is that when a user goes > to > > a list of messages, fills out the form to post a message and ends up > > back on the list page, the message will be submitted twice if they > > refresh the page following the form submission. this has caused > > duplicate messages throughout the message board, as it is the nature > of > > message boards to refresh the list of messages often to check for new > > ones. Keep in mind, my app strictly follows the approach of the > O'Reilly > > book. > > > > I'll try to make this easy to follow: > > > > 1. the user goes to a message board with a list of messages from other > > users. this page is /messagelist.do the action looks like this: > > > > <action > > path="/messagelist" > > name="messageListForm" > > type="myapp.framework.actions.MessageListAction" > > scope="request"> > > <forward name="Success" > path="/templates/messagelist.jsp"/> > > </action> > > > > (the "messageListForm" is a struts form bean with a List of message > > objects) > > > > 2. at the bottom of the page is a form to post your own message 3. the > > user enters their Name, Subject and Message Body and submit the form > 4. > > the form is processed by a Struts Action. the action tag in > > struts-config.xml looks like this: > > > > <action > > path="/messageinsert" > > name="messageDetailForm" > > type="myapp.framework.actions.MessageInsertAction" > > scope="request" > > validate="false"> > > <forward name="Success" path="/messagelist.do"/> > > </action> > > > > - From the naming convention, you can see that the Action inserts the > > message into storage (database) and upon success the user is forwarded > > to the same /messagelist.do action > > > > Now, when the form is submitted and this is displayed, the URL in the > > browser says: > > > > http://myapp.com/myapp/messageinsert.do > > > > I expect that this is correct because the HTML form itself was <form > > action="/messageinsert.do" method="POST">. > > > > The user's submitted message will be found on the list of messages. > > HOWEVER, IF THEY REFRESH THE SCREEN, THE MESSAGE WILL BE SUBMITTED > > AGAIN. This should not happen. If i'm the customer, i've already > > submitted the form, and now i'm seeing a list of messages. refreshing > > should have no effect on the form that i just submitted. > > > > Does anyone have a suggested fix? > > > > Thanks all, > > > > JR > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
