Check out the "synchronizer token" pattern from Core J2EE Patterns.  In
a nutshell, you provide the form with a unique one-time-use token that
it submits with the form.  The form submission handler checks to see if
that token has been submitted before, and if so, rejects the request.

Struts includes an implementation of this pattern; check out the
generateToken and isTokenValid methods on Action.

Additionally, it's not too hard to write JavaScript that will disable a
submit button after it is clicked.

-- 
Tim Moore / Blackboard Inc. / Software Engineer
1899 L Street, NW / 5th Floor / Washington, DC 20036
Phone 202-463-4860 ext. 258 / Fax 202-463-4863


> -----Original Message-----
> From: Bing Zhang [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, February 06, 2003 1:10 PM
> To: 'Tomcat Users List'
> Cc: Dan Yin; Jimmy Wu; Daniel Ruiz
> Subject: how to block 
> 
> 
> Hi all:
> 
>       I have one problem right now, which many people here on 
> the list should have already experienced.
> 
>       For example, some posts from the browser take some time on 
> the server side (servlet code) to process.  Oftentimes an 
> impatient user will click multiple times on the "submit" 
> button, or a "malicious" user will hold the "Enter" key to request 
> it a million times.  What's going to happen on the server side 
> is:  multiple threads onto the same servlet would be launched 
> and resources would be used up, like connections and CPU 
> processing time.  
> 
>       So what's a general approach to prevent this?  No 
> matter whether the solution is on the client side (HTML/JavaScript), 
> the server side (servlet/JSP), or combined.  Can you guys pass 
> on some experience, ideas, thoughts on this?
> 
>       Thank you so much. 
> 
>       Bing
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
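
The synchronizer token check described in the reply above, as an added example (not part of the original thread and not Struts' implementation). The class and method names (FormTokens, issue, redeem) are hypothetical, and the run in main is a constructed scenario of five concurrent submissions of one form.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Added example: minimal synchronizer-token store for one user session.
// Assumption: in a servlet application one instance would be kept in the HttpSession.
public class FormTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // Tokens handed out with rendered forms and not yet redeemed.
    private final Set<String> outstanding = ConcurrentHashMap.newKeySet();

    // Call when rendering the form; embed the result in a hidden field.
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        outstanding.add(token);
        return token;
    }

    // Call first in the submission handler, before any expensive work.
    // Set.remove is atomic here, so when several threads present the same
    // token at once, exactly one of them gets true.
    public boolean redeem(String submitted) {
        return submitted != null && outstanding.remove(submitted);
    }

    public static void main(String[] args) throws InterruptedException {
        FormTokens session = new FormTokens();
        String token = session.issue();

        // Constructed scenario: the same form posted five times concurrently.
        AtomicInteger accepted = new AtomicInteger();
        Thread[] posts = new Thread[5];
        for (int i = 0; i < posts.length; i++) {
            posts[i] = new Thread(() -> {
                if (session.redeem(token)) accepted.incrementAndGet();
            });
            posts[i].start();
        }
        for (Thread t : posts) t.join();

        System.out.println("accepted submissions: " + accepted.get());
        System.out.println("replay accepted: " + session.redeem(token));
        System.out.println("unknown token accepted: " + session.redeem("not-issued"));
    }
}
```

Tokens for forms that are rendered but never submitted stay in the set until the session object is discarded, so a deployment would bound or expire them.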
