You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Oleg V Alexeev <go...@penza.net> on 2001/02/09 17:41:23 UTC
Re[2]: [Q] TRANSACTION_TOKEN_KEY
Hello Rob,
+1 to add it to the struts doc.
Friday, February 09, 2001, 5:52:04 PM, you wrote:
RL> EditRegistrationAction.java SaveRegistrationAction.java
RL> provide examples.
RL> You would probably never use generateToken().
RL> It is used whenever you want to prevent the user
RL> from bookmarking a page, or from using the browser
RL> back arrow and then posting a second time.
RL> In the EditRegistrationAction, once the data is loaded
RL> from a database a call to saveToken() is made. It should
RL> probably be named 'setToken()' to be consistent with
RL> 'resetToken()'. This sets a variable in both the session
RL> and request scope of the app. Control is then forwarded
RL> to the edit jsp. When the user 'posts' the page the
RL> Token is validated in SaveRegistrationPage, then it is
RL> destroyed by the 'resetToken call. Then the next page is
RL> 'forwarded' to. If at this time the user hits the 'back'
RL> button and hits 'post' again, when SaveRegistrationAction
RL> checks to see if the token is valids it finds can find
RL> one of two things:
RL> 1) Either the 'Token' variable didn't exist in the session scope.
RL> This happen if 'resetToken' was the last method called
RL> 2) Or it will find that the "request" and "session" scope Token do not
RL> match.
RL> This happen if 'saveToken' was the last method called.
RL> Alexander Staff wrote:
>>
>> Hello,
>> does anyone here have any examples/explanations about using the
>> TRANSACTION_TOKEN_KEY feature in struts ?
>> I am not sure using the generateToken(), isTokenValid(), resetToken() and
>> saveToken() functions properly and in the right place.
>>
>> Thanks in advance
>> Ciao
>> Alexander
>>
>> --
>> Sent through GMX FreeMail - http://www.gmx.net
--
Best regards,
Oleg mailto:gonza@penza.net
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by Rob Leland <Ro...@freetocreate.org>.
Let me clean this up, and make it a little clearer.
Oleg V Alexeev wrote:
>
> Hello Rob,
>
> +1 to add it to the struts doc.
>