I have a Best Practices type question. Where should I send the user
if isValidToken returns FALSE?
Here is the flow we have for this application.
1. User searches for a profile
2. List of matching profiles is displayed
3. User clicks the EDIT link for the profile they want to update
4. Profile is displayed with a TOKEN embedded in a hidden form field
5. User hits Submit to update changes (possibly hitting it twice).
6. If isValidToken == TRUE, call resetToken(request) and
the Action will Forward to:
a) A confim page using redirect on SUCCESS
b) Back to the form page with error msgs on FAILURE
So where do I go if isValidToken != TRUE? I think part of the problem
is I won't really know *why* the token was invalid. Here's what I'd
like to do. I'd like to basically store in the session the Token, the
requested ActionMapping and the UID of the object being handled (in
this case a profile_ID). Then if the isValidToken returns false, look
in the session for the last *successful* token that matched the
ActionMapping and profile_ID for this request and send them to the
same result page. Does that make sense? Has anyone tried this
before? Any pitfalls you could foresee? Is this just a plain bad
idea? Any feedback on this would be greatly appreciated.
Thanks,
-Derek
[FROM A PREVIOUS POST]
> if(!isTokenValid(request)){
> //token vaildation failed so send to error page (or straight onto
> success page if desired)
> return mapping.findForward("failure");
> }else{
> resetToken(request);
> // do some work as token is ok
> return mapping.findForward("success");
> }
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
