You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Oleg V Alexeev <go...@penza.net> on 2001/02/09 17:41:23 UTC

Re[2]: [Q] TRANSACTION_TOKEN_KEY

Hello Rob,

+1 to add it to the struts doc.

Friday, February 09, 2001, 5:52:04 PM, you wrote:

RL> EditRegistrationAction.java  SaveRegistrationAction.java
RL> provide examples. 

RL> You would probably never use generateToken().

RL> It is used whenever you want to prevent the user
RL> from bookmarking a page, or from using the browser
RL> back arrow and then posting a second time.

RL> In the EditRegistrationAction, once the data is loaded
RL> from a database a call to saveToken() is made. It should
RL> probably be named 'setToken()' to be consistent with 
RL> 'resetToken()'. This sets a variable in both the session 
RL> and request scope of the app. Control is then forwarded
RL> to the edit jsp. When the user 'posts' the page the
RL> Token is validated in SaveRegistrationPage, then it is 
RL> destroyed by the 'resetToken call. Then the next page is
RL> 'forwarded' to. If at this time the user hits the 'back'
RL> button and hits 'post' again, when SaveRegistrationAction
RL> checks to see if the token is valids it finds can find
RL> one of two things:
RL>   1) Either the 'Token' variable didn't exist in the session scope.
RL>      This happen if 'resetToken' was the last method called
RL>   2) Or it will find that the "request" and "session" scope Token do not
RL> match.
RL>      This happen if 'saveToken' was the last method called.
  

RL> Alexander Staff wrote:
>> 
>> Hello,
>> does anyone here have any examples/explanations about using the
>> TRANSACTION_TOKEN_KEY feature in struts ?
>> I am not sure using the generateToken(), isTokenValid(), resetToken() and
>> saveToken() functions properly and in the right place.
>> 
>> Thanks in advance
>> Ciao
>> Alexander
>> 
>> --
>> Sent through GMX FreeMail - http://www.gmx.net



-- 
Best regards,
 Oleg                            mailto:gonza@penza.net

Re: [Q] TRANSACTION_TOKEN_KEY

Posted by Rob Leland <Ro...@freetocreate.org>.
Let me clean this up, and make it a little clearer.

Oleg V Alexeev wrote:
> 
> Hello Rob,
> 
> +1 to add it to the struts doc.
>