-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone?
Christopher Schultz wrote: > All, > > I've been a struts 1 user for years, but I've never used the "token" > capability to avoid double-submissions, etc. I have a question about > their use and efficacy. The best example I can find is very > straightforward (which is good): > > http://www.learntechnology.net/content/struts/struts_token.jsp > > The form handler code basically looks like this: > > if(!super.isValidToken(request)) > { > // signal double-submit > } > > // do the real work > > super.resetToken(request); > > That's all well and good, but I'm unsure how this avoids double > submissions. Let's say that the "real" work takes a measurable amount of > time -- let's say 10 seconds. If the user gets tired of waiting after 5 > seconds and re-submits, then the initial isValidToken call will pass, > and the form will be processed twice, right? > > It would seem that (fictional) code such as this would be more appropriate: > > if(lockToken(request)) > { > // do the real work > } > else > { > // complain about double-submission > } > > This way, double-submissions would actually be handled. > > > Just so you understand my nomenclature, I see double-submissions > (accidental double-click, or re-submit before the response comes back) > as different from repeated response (which is a re-submit /after/ the > response has been received. > > The Struts solution seems to prevent repeat submissions, but not > double-submissions. > > Am I seeing this clearly? I'd appreciate any comments on the subject > (including any notes about the implementation in S2, as we're > considering moving that direction over time). > > Thanks, > -chris - --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHKJAN9CaO5/Lv0PARAvQTAJ4l4b9GkWpmhm/6+/SJ6wl/LZQVxwCfcByn WW25PokcY/6b8ksp263ET6U= =yb9t -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
