Sounds like you are using Mozilla or Firebird. Those browsers will actually send a new request when you hit the back button, which (depending on how your action works) will generate a new token.
With Internet Exploder, the page is pulled from cache, which Struts will (again, depending on how your action looks) catch and reject the token (isTokenValid() will return false). -- James Mitchell Software Engineer / Open Source Evangelist EdgeTech, Inc. 678.910.8017 AIM: jmitchtx ----- Original Message ----- From: "PC Leung" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 27, 2004 10:54 AM Subject: My IsValidToken() cannot trap duplicated submission. > After clicking submit button and then go back previous page, > data is still there, click the submit button again. record will be > saved once more time. The IsValidToken cannot trap the duplicated > submission. > > Initial page: > http://localhost:8080/erp/AddUserProfile.jsp > if clicking submit button, goes to > http://localhost:8080/erp/addUserProfile.do?method=create > > struts-config.xml like this. > <action path="/addUserProfileSetup" > type="com.erp.quotation.AddUserProfileAction" > name="addUserProfileForm" > scope="request" > validate="false"> > <forward name="success" path="/AddUserProfile.jsp" redirect="true"/> > </action> > <action path="/addUserProfile" > type="com.erp.quotation.AddUserProfileDispatchAction" > name="addUserProfileForm" > scope="request" > validate="true" > parameter="method" > input="/AddUserProfile.jsp"> > <forward name="success" path="/AddUserProfile.jsp"/> > <forward name="failure" path="/AddUserProfile.jsp"/> > <forward name="cancel" path="/UserMaint.jsp"/> > </action> > > Initial page already shows with a token. > > Why the following DispatchAction cannot trap duplicated submission? > > public final class AddUserProfileDispatchAction extends DispatchAction { > public ActionForward create (ActionMapping mapping, > ActionForm form, > HttpServletRequest request, > HttpServletResponse response) > throws Exception { > HttpSession session = request.getSession(); > ActionErrors errors = new ActionErrors(); > if (!isTokenValid(request, true)) { > errors.add(ActionErrors.GLOBAL_ERROR, > new ActionError("error.transaction.token")); > } > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
