You have to do a couple of things:
1) While preparing the form, call generateToken(request);
2) Make sure you use the html:form tag - otherwise the token won't get put on the page.
3) When the user submits, do two things
3a) Check isTokenValid(request) - if it is, contiue, if not, warn the user.
3b) Call resetToken(request) so the user can't re-use the same token
On Thu, 20 Jan 2005 17:43:43 +0800 Anthony Hong <[EMAIL PROTECTED]> wrote:
I use server side xslt transformation and return it to client side for
rendering.
I saw use struts token mechanism can control form double submit
problem. But it doesn't work in my enviorment.
Is there any additional step I should put it into my response?
Or it only work with the JSP view?
--
Anthony Hong
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
