Posted to user@struts.apache.org by Heligon Sandra <Sa...@nextream.fr> on 2002/07/03 10:29:24 UTC

Help about transaction tokens aim

	Hi,

	I am searching for documentation and examples about the transaction token
	mechanism. I know the transaction mechanism with databases, but I don't
	know "transaction token". Can somebody explain why it is important
	to use this mechanism in a web application?

	Thanks 

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Help about transaction tokens aim

Posted by Manfred Wolff <wo...@pointers.de>.
Hi.

The Struts transaction token prevents users from clicking the back button in
the browser. Some applications, e.g. workflow-driven apps, cannot deal
with back buttons, because it may be that a database transaction is
fulfilled and there is no chance for a rollback.

The method saveToken(request); called in the execute method (Struts 1.1) of
the action saves the token. At the next action you can check whether the token is
already valid.

        if (!isTokenValid(request)) {
            // error
        }

With the method resetToken(request); you can reset the token.

The mechanism is quite tricky: The <html:form> tag reads the token out of
the session and writes it in the request. So if someone goes back (browser
back), the form responds with an old (a different) token. If you do not deal with
<html:form>, some tags have an attribute transaction that you can switch to
true.

Very fine mechanism, really

Manfred
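
The token flow described in the reply above, as an added example that is not part of the original thread and is not Struts' own code: a plain-Java model in which a Map stands in for the HTTP session. The class name, the TOKEN key and the submit helper are assumptions; the three method names only mirror the Struts calls mentioned above.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Plain-Java model of the token flow; the Map stands in for the HTTP session.
public class TransactionTokenDemo {
    static final String KEY = "TOKEN"; // hypothetical session attribute name
    static final SecureRandom RNG = new SecureRandom();

    // Like saveToken(request): store a fresh token in the session.
    static String saveToken(Map<String, String> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) sb.append(String.format("%02x", b));
        session.put(KEY, sb.toString());
        return sb.toString(); // the value the form tag would write into the page
    }

    // Like isTokenValid(request): the submitted value must equal the session's.
    static boolean isTokenValid(Map<String, String> session, String submitted) {
        String saved = session.get(KEY);
        return saved != null && saved.equals(submitted);
    }

    // Like resetToken(request): drop the token once the work is done.
    static void resetToken(Map<String, String> session) {
        session.remove(KEY);
    }

    // One form submission: do the work only if the token matches, then reset.
    static String submit(Map<String, String> session, String submitted) {
        if (!isTokenValid(session, submitted)) {
            return "rejected";
        }
        resetToken(session);
        return "committed"; // the non-repeatable database work would run here
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String inPage = saveToken(session);           // form page is rendered
        System.out.println(submit(session, inPage));  // first submit of that page
        System.out.println(submit(session, inPage));  // browser back, same page resubmitted
        String fresh = saveToken(session);            // form page is rendered again
        System.out.println(submit(session, inPage));  // stale page submitted once more
        System.out.println(submit(session, fresh));   // newly rendered page submitted
    }
}
```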
