Sunday, January 8, 2012

What is the synchronizer token pattern in Struts, or how will you protect your Web application against multiple submissions?

Web designers often face the situation where a form submission must be protected against duplicate or multiple submissions. This typically happens when the user clicks the submit button more than once before the response is sent back, or when the client reaches the page again by returning to a previously bookmarked page. There are three common approaches:

- The simplest solution, used by some sites, is to display a warning message: "Wait for a response after submitting and do not submit twice."
- In the client-only strategy, a flag is set on the first submission and from then on the submit button is disabled based on that flag. This is useful in some situations, but the strategy is coupled to the browser type and version.
- For a server-based solution the J2EE synchroniser token pattern can be applied. The basic idea is to:
  1. Set a token in a session variable on the server side before sending the transactional page back to the client.
  2. Set the same token on the page as a hidden field. On submission of the page, first check for the presence of a valid token by comparing the request parameter from the hidden field to the token stored in the session. If the token is valid, continue processing; otherwise take an alternative course of action. After the check, the token must be reset to null.

The synchroniser token pattern is implemented in Struts. The question is how to implement the alternative course of action when a second click on the submit button cancels the response from the first click. The thread for the first click still runs but has no means of sending its response back to the browser, so the transaction might have gone through without the user being notified, and the user might get the impression that it has not gone through. Struts support for synchronisation comes in the form of ActionServlet.saveToken(HttpRequest), ActionServlet.isTokenValid(HttpRequest), etc.
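As an added example (not the post's own code), here are the two halves of the pattern in a Struts 1.x application: in Struts 1.x the token methods are defined on org.apache.struts.action.Action, the base class of every action, and take an HttpServletRequest. The action names, forward names, the TransferForm bean and the AccountService helper are assumptions.

```java
// File: ShowTransferAction.java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Step 1: the action that renders the transactional page saves a fresh token
// in the session. The <html:form> tag on the JSP then emits it as the hidden
// field org.apache.struts.taglib.html.TOKEN, so the page needs no extra markup.
public class ShowTransferAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) {
        saveToken(request);                 // random token stored under Globals.TRANSACTION_TOKEN_KEY
        return mapping.findForward("form"); // forward name is an assumption
    }
}

// File: TransferAction.java (same imports as above)
// Step 2: the action that processes the submission compares the hidden field
// with the session copy. Passing reset=true clears the token in the same call,
// so a second click, or a re-POST of a bookmarked page, fails the check instead
// of running the transaction twice.
public class TransferAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) {
        if (!isTokenValid(request, true)) {
            // Alternative course of action: do not re-run the transaction. The
            // "duplicate" page (an assumed forward) should tell the user that the
            // first submission was received and is being processed, so the lost
            // response from the first click does not look like a failure.
            return mapping.findForward("duplicate");
        }
        TransferForm transfer = (TransferForm) form;             // assumed form bean
        AccountService.transfer(transfer.getFrom(),              // assumed service
                                transfer.getTo(), transfer.getAmount());
        return mapping.findForward("success");
    }
}
```

Only TransferAction should be mapped for the form's action URL in struts-config.xml; ShowTransferAction is the action that forwards to the JSP, so every visit to the form gets a new token.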
