All,

I've been a Struts 1 user for years, but I've never used the "token" capability to avoid double-submissions, etc. I have a question about their use and efficacy.

The best example I can find is very straightforward (which is good):
http://www.learntechnology.net/content/struts/struts_token.jsp

The form handler code basically looks like this:

    if(!super.isValidToken(request))
    {
        // signal double-submit
    }

    // do the real work

    super.resetToken(request);

That's all well and good, but I'm unsure how this avoids double submissions. Let's say that the "real" work takes a measurable amount of time -- let's say 10 seconds. If the user gets tired of waiting after 5 seconds and re-submits, then the initial isValidToken call will pass, and the form will be processed twice, right?

It would seem that (fictional) code such as this would be more appropriate:

    if(lockToken(request))
    {
        // do the real work
    }
    else
    {
        // complain about double-submission
    }

This way, double-submissions would actually be handled.

Just so you understand my nomenclature, I see double-submissions (accidental double-click, or re-submit before the response comes back) as different from repeated response (which is a re-submit /after/ the response has been received). The Struts solution seems to prevent repeat submissions, but not double-submissions.

Am I seeing this clearly? I'd appreciate any comments on the subject (including any notes about the implementation in S2, as we're considering moving that direction over time).

Thanks,
-chris
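
The timing described in the message above, as an added example that is not part of the original post and is not Struts code: a stand-alone Java model in which two submissions carrying the same token arrive while the "real work" is still running. The class, the `tokens` map, the session id and token values, and the methods `checkThenReset` and `claimThenWork` are hypothetical names constructed for this illustration.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class TokenRaceDemo {
    // Hypothetical stand-in for the per-session token slot (constructed values).
    static final ConcurrentHashMap<String, String> tokens = new ConcurrentHashMap<>();
    static final String SID = "session-1", TOKEN = "tok-constructed";
    static final AtomicInteger timesProcessed = new AtomicInteger();

    interface Handler { boolean handle(String submitted) throws InterruptedException; }

    static void slowWork() throws InterruptedException {
        Thread.sleep(300);                    // models the slow "real work"
        timesProcessed.incrementAndGet();
    }

    // Pattern from the post: validate, do the work, reset the token afterwards.
    static boolean checkThenReset(String submitted) throws InterruptedException {
        if (!submitted.equals(tokens.get(SID))) return false;
        slowWork();                           // token stays valid for this whole window
        tokens.remove(SID);
        return true;
    }

    // Atomic claim: remove(key, value) succeeds for exactly one caller.
    static boolean claimThenWork(String submitted) throws InterruptedException {
        if (!tokens.remove(SID, submitted)) return false;   // second submit is rejected here
        slowWork();
        return true;
    }

    // Fires two simultaneous submissions and reports how often the work ran.
    static int run(Handler h) throws Exception {
        tokens.put(SID, TOKEN);
        timesProcessed.set(0);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < 2; i++) {
            pool.submit(() -> { start.await(); return h.handle(TOKEN); });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        return timesProcessed.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("check-then-reset ran the work " + run(TokenRaceDemo::checkThenReset) + " time(s)");
        System.out.println("claim-then-work ran the work " + run(TokenRaceDemo::claimThenWork) + " time(s)");
    }
}
```

The difference is only in where the token is invalidated relative to the work: clearing it in the same atomic step as the validity check closes the window in which a second in-flight request still sees a valid token.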