In my application, there will be no validation error in the FINAL submission stage; the validation error would be called earlier. If however there are other types of error (like database error, we just stop processing, but the second submission will be identified. Your question is valid, however, one of the synchronizer token usages is to prevent the duplicate submission. If you put the resetToken to the last and you have a long logic before resetToken, here is what will happen (1) you did a first submission (2) then submit again, at this point, the resetToken is not invoked yet, (since there is a long logic before it), the action just thinks this is the same token and it just allows it -which did actually prevent the duplicate submission, right?
Thanks. -----Original Message----- From: Erik Weber [mailto:[EMAIL PROTECTED] Sent: Friday, August 27, 2004 11:10 AM To: Struts Users Mailing List Subject: Re: My IsValidToken() cannot trap duplicated submission. Larry, what if an error occurs after form validation, but during processing of the submit, which requires you to forward back to the input page? Erik Zhang, Larry (L.) wrote: >I think the resetToken should be placed as the first place in your action that >processes your submitted form, instead of when you are done processing the submitted >form. > >-----Original Message----- >From: Erik Weber [mailto:[EMAIL PROTECTED] >Sent: Friday, August 27, 2004 10:57 AM >To: Struts Users Mailing List >Subject: Re: My IsValidToken() cannot trap duplicated submission. > > >When you are done processing the submitted form, invoke "resetToken". > >Erik > > > >PC Leung wrote: > > > >>After clicking submit button and then go back previous page, >>data is still there, click the submit button again. record will be >>saved once more time. The IsValidToken cannot trap the duplicated >>submission. >> >>Initial page: >>http://localhost:8080/erp/AddUserProfile.jsp >>if clicking submit button, goes to >>http://localhost:8080/erp/addUserProfile.do?method=create >> >>struts-config.xml like this. >> <action path="/addUserProfileSetup" >> type="com.erp.quotation.AddUserProfileAction" >> name="addUserProfileForm" >> scope="request" >> validate="false"> >> <forward name="success" path="/AddUserProfile.jsp" redirect="true"/> >> </action> >> <action path="/addUserProfile" >> type="com.erp.quotation.AddUserProfileDispatchAction" >> name="addUserProfileForm" >> scope="request" >> validate="true" >> parameter="method" >> input="/AddUserProfile.jsp"> >> <forward name="success" path="/AddUserProfile.jsp"/> >> <forward name="failure" path="/AddUserProfile.jsp"/> >> <forward name="cancel" path="/UserMaint.jsp"/> >> </action> >> >>Initial page already shows with a token. >> >>Why the following DispatchAction cannot trap duplicated submission? >> >>public final class AddUserProfileDispatchAction extends DispatchAction { >> public ActionForward create (ActionMapping mapping, >> ActionForm form, >> HttpServletRequest request, >> HttpServletResponse response) >> throws Exception { >> HttpSession session = request.getSession(); >> ActionErrors errors = new ActionErrors(); >> if (!isTokenValid(request, true)) { >> errors.add(ActionErrors.GLOBAL_ERROR, >> new ActionError("error.transaction.token")); >> } >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
