I haven't seen any but there isn't really much to document. You put an integer into the form with a value that is updated by the action. This value must change from request to request, typically it is incremented. You must carry a hidden field in the jsp to carry the token to the following request (if you don't have the hidden field and are using session beans the value will always be correct, with request beans it will always be incorrect). The load action also puts the token value into the session so the next action can check the value. When the target action is invoked, it picks up the token and checks the value against the actionform. If the value is not the same, i.e. the user hit the back button and resubmitted, you have an error situation. You can forward to an error page or take whatever action you deem necessary at that point.
Edgar > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Friday, November 21, 2003 11:52 AM > To: [EMAIL PROTECTED] > Subject: RE: Token documentation > > > > > ok, I will try to get this book. > And what about online documentation? > > > > > Extranet > [EMAIL PROTECTED] - 11/21/2003 05:22 PM > > > Please respond to [EMAIL PROTECTED] > To: struts-user > > cc: > > > Subject: RE: Token documentation > > > I found the description of how and when to use tokens in "The > Struts Framework, Practical Guide for Java Programming" by > Sue Spielman very useful. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Friday, November 21, 2003 11:19 AM > To: [EMAIL PROTECTED] > Subject: Token documentation > > > > Hi all, > > I have problems with the refresh button of my brower: it > resend automatically the form to the server. I found the > mailing archive that with the use of tokens, I can avoid > that. But I don't really understand how I have to use it > properly. Can someone tell me when i could find a good > documentation concerning this point? Is it a recommanding > desing to associated with tokens ? > > thanks, > > Ludo. > > > > > > > > This message and any attachments (the "message") is intended > solely for the addressees and is confidential. If you receive > this message in error, please delete it and immediately > notify the sender. Any use not in accord with its purpose, > any dissemination or disclosure, either whole or partial, is > prohibited except formal approval. The internet can not > guarantee the integrity of this message. BNP PARIBAS (and its > subsidiaries) shall (will) not therefore be liable for the > message if modified. > > --------------------------------------------- > > Ce message et toutes les pieces jointes (ci-apres le > "message") sont etablis a l'intention exclusive de ses > destinataires et sont confidentiels. Si vous recevez ce > message par erreur, merci de le detruire et d'en avertir > immediatement l'expediteur. Toute utilisation de ce message > non conforme a sa destination, toute diffusion ou toute > publication, totale ou partielle, est interdite, sauf > autorisation expresse. L'internet ne permettant pas d'assurer > l'integrite de ce message, BNP PARIBAS (et ses filiales) > decline(nt) toute responsabilite au titre de ce > message, dans l'hypothese ou il aurait ete modifie. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > This message and any attachments (the "message") is intended > solely for the addressees and is confidential. > If you receive this message in error, please delete it and > immediately notify the sender. Any use not in accord with > its purpose, any dissemination or disclosure, either whole or > partial, is prohibited except formal approval. > The internet can not guarantee the integrity of this message. > BNP PARIBAS (and its subsidiaries) shall (will) not > therefore be liable for the message if modified. > > --------------------------------------------- > > Ce message et toutes les pieces jointes (ci-apres le > "message") sont etablis a l'intention exclusive de ses > destinataires et sont confidentiels. Si vous recevez ce > message par erreur, merci de le detruire et d'en avertir > immediatement l'expediteur. Toute utilisation de ce message > non conforme a sa destination, toute diffusion > ou toute publication, totale ou partielle, est interdite, > sauf autorisation expresse. L'internet ne permettant pas > d'assurer l'integrite de ce message, BNP PARIBAS (et ses > filiales) decline(nt) toute responsabilite au titre de ce > message, dans l'hypothese ou il aurait ete modifie. > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
