You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Heligon Sandra <Sa...@nextream.fr> on 2002/07/03 10:29:24 UTC
Help about transaction tokens aim
Hi,
I search documentation and examples about transaction token
mechanism. I know transaction mechanism with database but I don't
know "transaction token", can somebody explain why is it important
to use this mechanism in the web application ?
Thanks
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
AW: Help about transaction tokens aim
Posted by Manfred Wolff <wo...@pointers.de>.
Hi.
The struts transaction token prevents that users klick the back-button in
the browser. Some Applications , e.g. workflow driven apps, can not deal
with back-buttons, because it may be, that a database transaction is
fullfilled, and there is no chance for a rollback.
The method saveToken(request); called in the execute-Method (Struts 1.1) of
the action saves the token. At the next action you can look, if the token is
already valid.
if (!isTokenValid(request)) {
// error
}
With the method resetToken(request); you can reset the token.
The mechanism is quite tricky: The <html:form> tag reads the token out of
the session and writes it in the request. So if someones goes back (browser
back) the form responds an old (a different) token. If you not deal with
<html:form> some tags has a attribute transaction, that you can switch to
true.
Very fine mechanism, really
Manfred
-----Ursprüngliche Nachricht-----
Von: struts-user-return-39487-wolff=pointers.de@jakarta.apache.org
[mailto:struts-user-return-39487-wolff=pointers.de@jakarta.apache.org]Im
Auftrag von Heligon Sandra
Gesendet: Mittwoch, 3. Juli 2002 10:29
An: 'struts-user@jakarta.apache.org'
Betreff: Help about transaction tokens aim
Hi,
I search documentation and examples about transaction token
mechanism. I know transaction mechanism with database but I don't
know "transaction token", can somebody explain why is it important
to use this mechanism in the web application ?
Thanks
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>