Posted to user@struts.apache.org by subhendukumar mohanty <su...@infy.com> on 2002/03/02 01:26:51 UTC

Methods In Action Class

Hi 

I found the following methods in Action.java which I think may help to control the session ID. That means if the user submits the page, presses the back button and submits the page again, it will throw an error.

generateToken(HttpServletRequest request)
saveToken(HttpServletRequest request)
isTokenValid(HttpServletRequest request)

If anybody has used these methods, let me know how to use these methods.

Thanks,
Subhendu

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Methods In Action Class

Posted by Ted Husted <hu...@apache.org>.

Before going to a page you want to protect, route to an Action first and
call SaveToken. This stores a token with a unique value in the user's
session.

If the page uses the html:form tag, it will automatically include a
hidden field with the token if it finds one in the session. 

In the Action that receives the page, use isTokenValue to see if the
token in the session matches the one from the form. Call resetToken to
clear the token, so it can't be used again.

-- Ted Husted, Husted dot Com, Fairport NY US
-- Developing Java Web Applications with Struts
-- Tel: +1 585 737-3463
-- Web: http://husted.com/about/services


subhendukumar mohanty wrote:
> 
> Hi
> 
> I found the following methods in Action.java which I think may help to control the session ID. That means if the user submits the page, presses the back button and submits the page again, it will throw an error.
> 
> generateToken(HttpServletRequest request)
> saveToken(HttpServletRequest request)
> isTokenValid(HttpServletRequest request)
> 
> If anybody has used these methods, let me know how to use these methods.
> 
> Thanks,
> Subhendu
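
The flow described in the reply above, written out as a pair of Actions using the method names listed in the first message plus resetToken. This is an added example, not code from the thread or from the Struts project. It assumes Struts 1.1 (the `execute` signature) and the servlet API on the classpath; the class names, forward names ("form", "duplicate", "success") and the message key are hypothetical.

```java
// Added example. Each public class goes in its own .java file.

// --- ShowOrderFormAction.java: routed to BEFORE the protected page is shown ---
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.*;

public class ShowOrderFormAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Store a fresh token in the user's session. The <html:form> tag on
        // the JSP finds it there and writes it into the page as a hidden field.
        saveToken(request);
        return mapping.findForward("form");        // hypothetical forward name
    }
}

// --- SubmitOrderAction.java: receives the submitted page ---
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.*;

public class SubmitOrderAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // False when the session holds no token, the request carries none, or
        // the two differ. A Back-button resubmit lands here because the token
        // was already cleared by the first, successful submit.
        if (!isTokenValid(request)) {
            ActionErrors errors = new ActionErrors();
            errors.add(ActionErrors.GLOBAL_ERROR,
                    new ActionError("error.duplicate.submit")); // hypothetical key
            saveErrors(request, errors);
            return mapping.findForward("duplicate");
        }

        // Clear the token before doing the work, so a second copy of the same
        // request arriving while this one is still running is rejected.
        // Struts 1.1 also offers isTokenValid(request, true), which checks and
        // clears in a single call.
        resetToken(request);

        // ... perform the one-time operation (application logic) here ...

        return mapping.findForward("success");
    }
}
```

Both Actions need entries in struts-config.xml, and the link into the protected page must point at the first Action rather than at the JSP directly, otherwise no token is in the session when the form is rendered.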