Posted to user@struts.apache.org by Tom Bednarz <li...@bednarz.ch> on 2002/02/28 18:08:48 UTC

Usage of Action Tokens - preventing application 'damage' by impatient users

Hi,

I guess it is a common problem of web applications that they need to track
how many times a user clicks a submit button. Assuming that a click on the
submit button executes an expensive stored procedure on a database server
which may take 10 to 20 seconds, lots of users get impatient and click the
submit button again and again.

I tracked this down and noticed that every click executes the perform
method of my Action class. In fact the server executes the procedure as many
times as the user clicks the button.

In the struts framework I found in the Action class the following methods:

generateToken(), isTokenValid(), resetToken() and saveToken()

Could anybody explain how and where to use these methods best to prevent an
action from executing multiple times?

I see the following processing inside the action.perform() method:

1) getParameters from the form
2) determine whether the form needs first to be delivered or the user input
needs to be processed
if user input needs to be processed continue with 3) otherwise deliver the
form...
3) validate the parameters
4) process request
5) catch any errors and return them (if there are any)
6) deliver the results by forwarding to a view template

In my opinion the steps 3 to 5 should be treated like a transaction and any
further submits from the same session should not be processed. Could anybody
please post an example how to solve that problem best?

Many thanks

Thomas




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Usage of Action Tokens - preventing application 'damage' by impatient users

Posted by Tom Bednarz <li...@bednarz.ch>.
Brad,

> You can prevent multiple submits in the client side using JavaScript. Below
> is some code that you can see in action at
>
I do NOT want to do it in JavaScript on the client side. JavaScript may be
turned off or not supported by a browser. So anything written in JavaScript
is very browser dependent and therefore unreliable for my system.

It must be possible to do it on the server side with action tokens. I simply
do not understand when to use:

generateToken() or saveToken().

Somehow I am missing a method like String getToken() to retrieve it from the
session and compare it with what I have stored in the request.

Can anybody help please?

Many thanks

Thomas
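
The server-side token flow asked about in this thread, added here as an example that is not part of the original messages: saveToken() issues a token when the form is delivered, and isTokenValid() followed by resetToken() lets only the first submit through. The class name, the "step" parameter, the forward names and runStoredProcedure() are assumptions; the Struts calls are those of the Action class with perform().

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical action. The forwards "form", "duplicate" and "success" and the
// "step" request parameter are assumptions, to be defined in struts-config.xml
// and in the form page.
public class RunProcedureAction extends Action {

    // Makes "check token, then consume it" atomic across request threads.
    private static final Object TOKEN_LOCK = new Object();

    public ActionForward perform(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        // Step 2: no submit yet, so deliver the form with a fresh token.
        if (!"submit".equals(request.getParameter("step"))) {
            saveToken(request);   // generates a token and stores it in the session
            return mapping.findForward("form");
        }

        // Only the first submit carries a token that still matches the session.
        boolean firstSubmit;
        synchronized (TOKEN_LOCK) {
            firstSubmit = isTokenValid(request);
            if (firstSubmit) {
                resetToken(request);   // consume it: later clicks fail the check
            }
        }
        if (!firstSubmit) {
            return mapping.findForward("duplicate");   // e.g. a "please wait" page
        }

        try {
            runStoredProcedure(form);   // steps 3 and 4
        } catch (Exception e) {
            saveToken(request);   // step 5: new token so a corrected form can be sent
            return mapping.findForward("form");
        }
        return mapping.findForward("success");   // step 6
    }

    private void runStoredProcedure(ActionForm form) throws Exception {
        // Placeholder (assumption): validate the input, then call the database.
    }
}
```

The <html:form> tag writes the saved token into the rendered form as a hidden field, and isTokenValid() compares that request parameter with the session copy, so the action needs no getToken() call.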




RE: Usage of Action Tokens - preventing application 'damage' by impatient users

Posted by Brad Rhoads <br...@zethcon.com>.
You can prevent multiple submits in the client side using JavaScript. Below
is some code that you can see in action at

https://www.cyclewacko.com/ChangeInfo.asp?mode=new&GoTo=youraccount.asp&SSL=yes


<SCRIPT language="JavaScript" type="text/JavaScript">
<!--
//This include file contains some JavaScript functions to prevent users
//from submitting a form twice.  It sets a flag (FormSubmitted) to false
//when the page first loads.  Then, when the form is submitted, this flag
//is checked.  If it is true, it tells the user that they have already
//submitted the form and prevents the second submission.  If it is false
//it toggles the flag true (which prevents the next submission) and
//submits the form.  The flag can be reset if subsequent submissions are
//required.  One example would be if the user changes information on the
//form and then re-submits.  In this case, the ResetFormSubmitted function
//should be called in the onChange event of any form item that can be
//changed.

//Initialize the FormSubmitted variable
var FormSubmitted = false;

function DoubleSubmitCheck() //Call this function in the form's onSubmit attribute
{
	//Check if the form has previously been submitted
	if(FormSubmitted) //It was
	{
		//Alert the user and cancel the submission
		alert("You have already submitted this form.  Please wait for it to be "
			+ "processed...\n\nNOTE:  If you pressed your browser's 'Stop' button"
			+ " after submitting this form, you'll have to press the 'Reload' or "
			+ "'Refresh' button before you can re-submit.");
		return false;
	}
	else //It was not (this is the first time it was submitted)
	{
		//Set the FormSubmitted flag to true and return true to process the form
		FormSubmitted = true;
		return true;
	}
}
//-->
</SCRIPT>
