This is really how it's designed to work. For a form to be resubmitted, the user will have to regenerate the form, maybe by going back two pages, to the page that was shown *before* the form. As you might already know, this protects against accidental double submits. If you're looking for an alternative, you can, instead of using tokens, use redirects. This will not protect against double submits, but will allow the same form to be resubmitted deliberately, while still protecting against refresh operations. You could try manually removing the token, although I think that will defeat the purpose of using them.
Hubert --- Ding Lei <[EMAIL PROTECTED]> wrote: > Hi Craig, > I guess you misunderstood what I said. > The problem is that once the token is saved, even if I request the action > again(NOT "refresh") manually(by clicking some link on the page, or submit > a form), > the token is still there! and thus the action is never executed second > time. > Thanks. > > > > > On Mon, Jul 12, 2004 at 08:40:22PM -0700, Craig McClanahan wrote: > > Ding Lei wrote: > > > > >Hello ... > > > > > > > > >On Mon, Jul 12, 2004 at 10:50:46AM -0300, Guillermo Meyer wrote: > > > > > > > > >>Use Struts isTokenValid/saveToken schema in your addUsetToDatabase > > >>Action method. > > >> > > >> > > >the problem is that once it calls saveToken(), the damn token stays > > >there forever ... what's wrong with it? > > > > > > > > > > > I can see why you might be concerned (from a memory usage viewpoint) > > about the token staying there "forever" ... what I don't get is why that > > might be a functional concern? If you want to avoid double submits, > > you're going to check for the existence of the correct token value. > > Working backwards, that means your application logic *must* have called > > saveToken() prior to rendering the page with the input form you're > > checking -- but, since there's only one token, any previous value will > > at that point have been thrown away. Things still work correctly, > > though, in terms of what the token is designed to do -- you really can > > detect the second submit, and react differently to it. Right? > > > > By the way, even though there is no removeToken() method explicity > > available, you can always call: > > > > session.removeAttribute(Globals.TRANSACTION_TOKEN_KEY); > > > > if you really really want to get rid of it. > > > > Craig > > > > > > > > > > > > > > > > > > > > >>Cheers. > > >>Guillermo. > > >> > > >>-----Original Message----- > > >>From: Ding Lei [mailto:[EMAIL PROTECTED] > > >>Sent: Lunes, 12 de Julio de 2004 10:38 a.m. > > >>To: Struts Users Mailing List > > >>Subject: Browser's refresh problem > > >> > > >> > > >>Hi all, > > >> > > >> There's a UserAddAction, which adds the user record to the database, > > >>and when it's done it redirects the user index page. the problem is > that > > >>everytime the user clicks refresh at the user index page, the same > > >>record is added again. > > >> > > >> I know that unique check is required, but I also hopes that action > > >>itself should be aware of the user's "Refresh". > > >> > > >> Thank you. > > >> > > >> > > >>-- > > >>Layman <[EMAIL PROTECTED]> Ext: 8059 > > >> > > >>--------------------------------------------------------------------- > > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >>NOTA DE CONFIDENCIALIDAD > > >>Este mensaje (y sus anexos) es confidencial, esta dirigido > exclusivamente > > >>a las personas direccionadas en el mail y puede contener informacion > > >>(i)de propiedad exclusiva de Interbanking S.A. o (ii) amparada por el > > >>secreto profesional. Cualquier opinion en el contenido, es exclusiva de > > > >>su autor y no representa necesariamente la opinion de Interbanking S.A. > > > >>El acceso no autorizado, uso, reproduccion, o divulgacion esta > prohibido. > > >>Interbanking S.A no asumira responsabilidad ni obligacion legal alguna > > >>por cualquier informacion incorrecta o alterada contenida en este > > >>mensaje. Si usted ha recibido este mensaje por error, le rogamos tenga > la > > >>amabilidad de destruirlo inmediatamente junto con todas las copias del > > >>mismo, notificando al remitente. No debera utilizar, revelar, > distribuir, > > >>imprimir o copiar este mensaje ni ninguna de sus partes si usted no es > el > > >>destinatario. Muchas gracias. > > >> > > >> > > >> > > >>--------------------------------------------------------------------- > > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > -- > Layman <[EMAIL PROTECTED]> Ext: 8059Have an adequate day. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
