Synchronization Token for forms - any coding required?

[Chris Ruegger <cr...@speakeasy.net>]

I have read that Struts uses the Token Synchronization
pattern to detect and avoid duplicate form submissions.

Question: Is all of this handled transparently for me
or do I need to code some logic in the perform() method
to enable this and/or ignore a duplicate submission?

Thanks

Re: Synchronization Token for forms - any coding required?

["Craig R. McClanahan" <cr...@apache.org>]

On Fri, 16 Aug 2002, Chris Ruegger wrote:

> Date: Fri, 16 Aug 2002 11:54:57 -0400
> From: Chris Ruegger <cr...@speakeasy.net>
> Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>
> To: Struts Users Mailing List <st...@jakarta.apache.org>
> Subject: Synchronization Token for forms - any coding required?
>
> I have read that Struts uses the Token Synchronization
> pattern to detect and avoid duplicate form submissions.
>
> Question: Is all of this handled transparently for me
> or do I need to code some logic in the perform() method
> to enable this and/or ignore a duplicate submission?
>

See the Struts example application's use of this feature -- for example:

* In EditRegistrationAction, you see the line:

    saveToken(request);

* In SaveResgistrationAction, you see the code:

    if (!isTokenValid()) {
      ... deal with the error ...
    }

>From the page author's view, this is transparent -- the <html:form> tag
does the necessary magic to include the token as a hidden field in the
submit.  It's not transparent to the person writing your actions, but it's
real easy to call saveToken() in the action that sets up your input form's
data.  And you have total control over dealing with the token not being
valid as well.

> Thanks
>
>

Craig



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>