Posted to user@struts.apache.org by PC Leung <pc...@gmail.com> on 2004/08/28 10:25:19 UTC
Token is re-generated automatically.
When a page is displayed with a token,
data is inputted into the form.
Clicking the submit button will save a record.
Then click back to the previous page.
Click the submit button again.
Invalid token is detected as expected
Error message displays on top of the page.
However I find the token is changed.
Data is still there.
At this time, click the submit button once more.
It will go to next page and save a record.
The token becomes valid this time.
Why is this so?
Inside DispatchAction:
    if (!isTokenValid(request)) {
        errors.add(ActionErrors.GLOBAL_ERROR,
                   new ActionError("error.transaction.token"));
        saveErrors(request, errors);
        return mapping.findForward("failure");
    }
    resetToken(request);
Inside struts-config.xml:
    <action path="/addUserProfile"
            type="com.erp.quotation.AddUserProfileDispatchAction"
            name="addUserProfileForm"
            scope="request"
            validate="true"
            parameter="method"
            input="/AddUserProfile.jsp">
        <forward name="success" path="/AddUserProfile.jsp"/>
        <forward name="failure" path="/AddUserProfile.jsp"/>
        <forward name="cancel" path="/UserMaint.jsp"/>
    </action>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Token is re-generated automatically.
Posted by Jason Lea <ja...@kumachan.net.nz>.
I see.
You have a form for adding new users.
When you submit this form, it adds the user, then clears the fields and
redisplays the form ready for another user to be added. After saving
the record you create the new token so that the next user can be added.
When you detect that the form is submitted twice (eg from pressing the
back button) you display an error message on the form.
The problem comes with handling this error condition. One way would be
to clear the form fields when this occurs.
    if (!isTokenValid(request)) {
        errors.add(ActionErrors.GLOBAL_ERROR,
                   new ActionError("error.transaction.token"));
        saveErrors(request, errors);
        addUserProfileForm.reset(mapping, request);
        return mapping.findForward("failure");
    }
In this case, when the invalid token is sent you will return them to the
form, display the error messages but this time the form fields will be
empty/reset. A new token would have already been created and the user
will have to re-enter the form fields.
I normally don't call the reset() method on forms. I create a method
called clear() in the form bean which I use for clearing fields. On
these admin pages where you might add a lot of records it can be nice to
leave some fields with the last value entered as the records sometimes
are closely related. Obviously clearing the main identifiers like
username, password etc but fields like city or country might not change
very often.
PC Leung wrote:
>token is saved if checking is OK.
> saveMessages (request, actionMessages);
> saveToken(request);
> addUserProfileForm.reset(mapping, request);
> return mapping.findForward("success");
>
>I add saveToken() right after resetToken() in order to do testing.
>The result is the same.
>
>As you describe in step 5, a new token is generated.
>So the token becomes eventually.
>Actually, it is another duplicated submission.
>
>On Sat, 28 Aug 2004 21:50:18 +1200, Jason Lea <ja...@kumachan.net.nz> wrote:
>
>
>>do you call saveToken() anywhere? After the resetToken() perhaps?
>>
>>It sounds like the following is happening:
>>
>>1. server generates page with token A, page with token A submitted
>>2. token A is valid, record saved, tokenReset() called, saveToken()
>>called creating token B
>>3. user presses back button, and resubmits old form with old token A
>>4. old token A does not match token B in session, user redirected to
>>"failure"
>>5. server generates new page with token in session (token B)
>>6. user submits page with token B, which is accepted with new token B
>>stored in session
>>
>>Perhaps you could post more of your action where you have anything that
>>uses/resets tokens?
>>
>>
>>
>>PC Leung wrote:
>>
>>
>>
>>>When a page is displayed with a token,
>>>data is inputted into the form.
>>>Clicking the submit button will save a record.
>>>Then click back previous page.
>>>Click the submit button again.
>>>Invalid token is detected as expected
>>>Error message displays on top of the page.
>>>However I find the token is changed.
>>>Data is still there.
>>>
>>>At this time, click the submit button once more.
>>>It will go to next page and save a record.
>>>The token becomes valid this time.
>>>
>>>Why is this so?
>>>
>>>Inside DispatchAction:
>>> if (!isTokenValid(request)) {
>>> errors.add(ActionErrors.GLOBAL_ERROR,
>>> new ActionError("error.transaction.token"));
>>> saveErrors(request, errors);
>>> return mapping.findForward("failure");
>>> }
>>> resetToken(request);
>>>
>>>Inside struts-config.xml:
>>> <action path="/addUserProfile"
>>> type="com.erp.quotation.AddUserProfileDispatchAction"
>>> name="addUserProfileForm"
>>> scope="request"
>>> validate="true"
>>> parameter="method"
>>> input="/AddUserProfile.jsp">
>>> <forward name="success" path="/AddUserProfile.jsp"/>
>>> <forward name="failure" path="/AddUserProfile.jsp"/>
>>> <forward name="cancel" path="/UserMaint.jsp"/>
>>> </action>
>>>
>>--
>>Jason Lea
>>
--
Jason Lea
Re: Token is re-generated automatically.
Posted by PC Leung <pc...@gmail.com>.
token is saved if checking is OK.
    saveMessages(request, actionMessages);
    saveToken(request);
    addUserProfileForm.reset(mapping, request);
    return mapping.findForward("success");
I add saveToken() right after resetToken() in order to do testing.
The result is the same.
As you describe in step 5, a new token is generated.
So the token becomes eventually.
Actually, it is another duplicated submission.
On Sat, 28 Aug 2004 21:50:18 +1200, Jason Lea <ja...@kumachan.net.nz> wrote:
> do you call saveToken() anywhere? After the resetToken() perhaps?
>
> It sounds like the following is happening:
>
> 1. server generates page with token A, page with token A submitted
> 2. token A is valid, record saved, tokenReset() called, saveToken()
> called creating token B
> 3. user presses back button, and resubmits old form with old token A
> 4. old token A does not match token B in session, user redirected to
> "failure"
> 5. server generates new page with token in session (token B)
> 6. user submits page with token B, which is accepted with new token B
> stored in session
>
> Perhaps you could post more of your action where you have anything that
> uses/resets tokens?
>
>
>
> PC Leung wrote:
>
> >When a page is displayed with a token,
> >data is inputted into the form.
> >Clicking the submit button will save a record.
> >Then click back previous page.
> >Click the submit button again.
> >Invalid token is detected as expected
> >Error message displays on top of the page.
> >However I find the token is changed.
> >Data is still there.
> >
> >At this time, click the submit button once more.
> >It will go to next page and save a record.
> >The token becomes valid this time.
> >
> >Why is this so?
> >
> >Inside DispatchAction:
> > if (!isTokenValid(request)) {
> > errors.add(ActionErrors.GLOBAL_ERROR,
> > new ActionError("error.transaction.token"));
> > saveErrors(request, errors);
> > return mapping.findForward("failure");
> > }
> > resetToken(request);
> >
> >Inside struts-config.xml:
> > <action path="/addUserProfile"
> > type="com.erp.quotation.AddUserProfileDispatchAction"
> > name="addUserProfileForm"
> > scope="request"
> > validate="true"
> > parameter="method"
> > input="/AddUserProfile.jsp">
> > <forward name="success" path="/AddUserProfile.jsp"/>
> > <forward name="failure" path="/AddUserProfile.jsp"/>
> > <forward name="cancel" path="/UserMaint.jsp"/>
> > </action>
> >
>
> --
> Jason Lea
>
Re: Token is re-generated automatically.
Posted by Jason Lea <ja...@kumachan.net.nz>.
do you call saveToken() anywhere? After the resetToken() perhaps?
It sounds like the following is happening:
1. server generates page with token A, page with token A submitted
2. token A is valid, record saved, tokenReset() called, saveToken()
called creating token B
3. user presses back button, and resubmits old form with old token A
4. old token A does not match token B in session, user redirected to
"failure"
5. server generates new page with token in session (token B)
6. user submits page with token B, which is accepted with new token B
stored in session
Perhaps you could post more of your action where you have anything that
uses/resets tokens?
PC Leung wrote:
>When a page is displayed with a token,
>data is inputted into the form.
>Clicking the submit button will save a record.
>Then click back previous page.
>Click the submit button again.
>Invalid token is detected as expected
>Error message displays on top of the page.
>However I find the token is changed.
>Data is still there.
>
>At this time, click the submit button once more.
>It will go to next page and save a record.
>The token becomes valid this time.
>
>Why is this so?
>
>Inside DispatchAction:
> if (!isTokenValid(request)) {
> errors.add(ActionErrors.GLOBAL_ERROR,
> new ActionError("error.transaction.token"));
> saveErrors(request, errors);
> return mapping.findForward("failure");
> }
> resetToken(request);
>
>Inside struts-config.xml:
> <action path="/addUserProfile"
> type="com.erp.quotation.AddUserProfileDispatchAction"
> name="addUserProfileForm"
> scope="request"
> validate="true"
> parameter="method"
> input="/AddUserProfile.jsp">
> <forward name="success" path="/AddUserProfile.jsp"/>
> <forward name="failure" path="/AddUserProfile.jsp"/>
> <forward name="cancel" path="/UserMaint.jsp"/>
> </action>
>
--
Jason Lea
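
The six-step sequence above and the form-clearing fix suggested earlier in the thread, modeled as a stand-alone Java program (Java 16 or later). This is an added illustration, not code from the thread or from Struts: TokenReplayDemo, Page, submit, replay and the sample username are hypothetical, and it assumes the form's validation rejects an empty username.

```java
import java.util.*;

// Added illustration: a stand-alone model of the session token, not Struts code.
public class TokenReplayDemo {
    static String sessionToken;                           // stands in for the token kept in the HttpSession
    static final List<String> saved = new ArrayList<>();  // stands in for the database
    static int counter = 0;

    static void saveToken()  { sessionToken = "T" + (++counter); }  // models saveToken(request)
    static void resetToken() { sessionToken = null; }               // models resetToken(request)
    static boolean isTokenValid(String submitted) {                 // models isTokenValid(request)
        return sessionToken != null && sessionToken.equals(submitted);
    }

    /** A rendered form: the hidden token plus the field value shown to the user. */
    record Page(String token, String username) {}

    /** Models the action in the thread; clearOnFailure is the fix suggested in the reply. */
    static Page submit(Page form, boolean clearOnFailure) {
        // Assumption: validate="true" rejects an empty username before the action runs.
        if (form.username().isEmpty()) return form;
        if (!isTokenValid(form.token())) {
            // "failure" forwards back to the JSP, which renders the current session token.
            String shown = clearOnFailure ? "" : form.username();
            return new Page(sessionToken, shown);
        }
        resetToken();
        saved.add(form.username());
        saveToken();                                      // fresh token for the next record
        return new Page(sessionToken, "");                // "success": cleared form
    }

    static List<String> replay(boolean clearOnFailure) {
        saved.clear();
        counter = 0;
        saveToken();
        Page first = new Page(sessionToken, "alice");     // constructed sample input
        submit(first, clearOnFailure);                    // steps 1-2: saved, token B issued
        Page error = submit(first, clearOnFailure);       // steps 3-4: Back and resubmit, rejected
        submit(error, clearOnFailure);                    // steps 5-6: error page resubmitted as-is
        return new ArrayList<>(saved);
    }

    public static void main(String[] args) {
        System.out.println("data kept on failure:    " + replay(false));
        System.out.println("form cleared on failure: " + replay(true));
    }
}
```

With the submitted data kept on the error page, the third submit carries the current token and the record is stored twice; with the form cleared, only the first submit is stored.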