You'll find quite a bit of info about this in the archives. When this has come up in the past, consensus seems to have been the setting of a unique token within the page when generated such that each time a user requests a "submittable" page, that page will contain a hidden attribute with that token. Implement a filter that only allows processing of that token once.
The problem with the solutions mentioned in this thread is that if a user double clicks on a form, the browser will display the output of the second click (which would be "nothing"). If you implement the tokens, the second request can wait for the first to complete, observing a result object that it can return once the first request finishes. This is *definitely* an advanced technique, but it's the most robust, user-tolerant, and resource-conservative one I've used and/or seen other places.
Depending on your situation, the simplest way I've seen to (mostly) handle this is to disable the submission button with Javascript once it's been tapped once. It's a point solution that's not perfect, but it'll catch 98% of egregious offenders.
justin
At 12:58 AM 4/21/2004, you wrote:
> I wonder if it would be possible to write a filter that would implement
> this functionality transparently to the JSP pages/servlets.
It could be done semi-transparently with a conditional custom tag embracing all of an individual page's content. That tag could check for concurrent request and then conditionally display or omit the (costly) body of the page.
Regards Thomas
______________________________________________ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php ______________________________________________
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
