> > When this has come up in the past, consensus seems to have > been the setting of a unique token within the page when > generated such that each time a user requests a "submittable" > page, that page will contain a hidden attribute with that > token. Implement a filter that only allows processing of > that token once.
I tried this approach once, I got stuck on this scenario: user submit a form, jsp/servlet processes and remove the token from list. But the user click abort before the page was transferred, thus leaving him with old token. He can't ever submit the page again. Anyone have think of a solution for this can please share? > > The problem with the solutions mentioned in this thread is > that if a user double clicks on a form, the browser will > display the output of the second click (which would be > "nothing"). If you implement the tokens, the second request > can wait for the first to complete, observing a result object > that it can return once the first request finishes. This is > *definitely* an advanced technique, but it's the most robust, > user-tolerant, and resource-conservative one I've used and/or > seen other places. Can you please share how to wait for first request to complete and grab the result? I'm really interested in this method but completely have no idea on how to implement. > Depending on your situation, the simplest way I've seen to > (mostly) handle this is to disable the submission button with > Javascript once it's been tapped once. It's a point solution > that's not perfect, but it'll catch 98% of egregious offenders. Tried this, same situation as above, submit and then cancel. (sigh) TIA. Antony --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
