On 11/9/06, Adrian Mitev <[EMAIL PROTECTED]> wrote:
This was posted in the bug tracker [1]: Craig McClanahan [08/Nov/06 10:38 PM] * It is trivially simple for an application to provide an "escape hatch" when the user screws up ... create a "Cancel" button with immediate="true", and this action will get processed *before* Process Validations phase, and therefore will bypass the check performed by the Token component. What do you think about storing attribute in the request when the token validation fails that could help render the "Cancel" button (if no token error, no cancel button).
This idea is certainly technically feasible, if you are willing to rely on an internal implementation detail of how the Token component actually saves its state. However, from a user interface design point of view, wouldn't you *always* want a way to exit in the middle of a wizard dialog that you entered by accident? I'd hate to tell users "if you want to exit, just do a refresh so the cancel button shows up" :-) Craig PS: There is a bunch of discussion about the token component, and how it should behave, on the bug report ... useful background for this conversation can be found at: http://issues.apache.org/struts/browse/SHALE-287 --
Seeing is believing
