Web designers often face the situation where a form submission must be protected against duplicate or multiple
submissions. This typically occurs when the user clicks the submit button more than once before the
response is sent back, or when the client accesses a page by returning to a previously bookmarked page.
- The simplest solution, which some sites use, is to display a warning message: “Wait for a response after
submitting and do not submit twice.”
- In the client-only strategy, a flag is set on the first submission and from then onwards the submit button is
disabled based on this flag. This is useful in some situations, but the strategy is coupled to the browser type,
version, etc.
- For a server-based solution, the J2EE synchroniser token pattern can be applied. The basic
idea is to:
1. Set a token in a session variable on the server side before sending the transactional page back to
the client.
2. Set the token on the page as a hidden field. On submission of the page, first check for the
presence of a valid token by comparing the request parameter from the hidden field to the token stored
in the session. If the token is valid, continue processing; otherwise take an alternative action. After
testing, the token must be reset to null.
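
The two steps above as an added Java example (not from the original post and not Struts' own code). A plain `Map` stands in for the servlet session, and the class, method and attribute names are hypothetical. The compare and the reset happen under one lock so that two near-simultaneous clicks cannot both pass the check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example: hypothetical names; a Map stands in for the servlet session.
public class SyncTokenDemo {
    static final String TOKEN_KEY = "sync.token";   // assumed session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    // Step 1: store a fresh, unpredictable token in the session. The caller
    // writes the returned value into the hidden field of the form.
    static String saveToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        synchronized (session) {
            session.put(TOKEN_KEY, token);
        }
        return token;
    }

    // Step 2: compare the submitted hidden field with the session token and
    // reset the token in the same critical section, so only one request wins.
    static boolean consumeToken(Map<String, Object> session, String submitted) {
        synchronized (session) {
            String saved = (String) session.remove(TOKEN_KEY);   // reset after testing
            if (saved == null || submitted == null) {
                return false;                                    // duplicate or missing token
            }
            return MessageDigest.isEqual(saved.getBytes(StandardCharsets.UTF_8),
                                         submitted.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();           // constructed sample session
        String hiddenField = saveToken(session);                 // form rendered with token
        System.out.println("first submit accepted:  " + consumeToken(session, hiddenField));
        System.out.println("second submit accepted: " + consumeToken(session, hiddenField));
        System.out.println("missing token accepted: " + consumeToken(session, null));
        String fresh = saveToken(session);                       // form rendered again
        System.out.println("fresh token accepted:   " + consumeToken(session, fresh));
    }
}
```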
The synchroniser token pattern is implemented in Struts. How do we implement the alternative course of action
when the second click on the submit button cancels the response from the first click? The thread for the first click
still runs but has no means of sending the response back to the browser. This means the transaction might have
gone through without the user being notified, and the user might get the impression that the transaction has not gone
through.
Struts support for synchronisation comes in the form of:
ActionServlet.saveToken(HttpRequest) and
ActionServlet.isTokenValid(HttpRequest), etc.