Session application: Avoid duplicate submissions of forms
I. Duplicate submissions of FORMS
1. Duplication of submissions
① submits the form to a servlet, and the servlet responds to a JSP or HTML page by requesting forwarding, and the browser address bar retains the servlet path, where the response page clicks the Refresh button
② repeatedly click the Submit button on the form when the response page has not arrived
③ Click the "Back" button or the browser's fallback button, then click on the "Submit" button
2. How do I avoid repeating the form submission?
Principle: Make a mark in the form, and when the form is submitted to the servlet, check that the tag exists and is consistent with the predefined, and if it is consistent, accept the request, and if it is inconsistent or not marked, prompt repeat submission.
Method:
① only provides a hidden field, <input type= "hidden" name= "token" value= "Tomas"/> cannot be implemented: No way to clear request parameters
② put the mark in the request. Cannot be implemented: Because when the form page is displayed (including refresh), this JSP page corresponds to the request has been destroyed, at the time of submission is a new request
③ put the mark in the session. Can be implemented with the following steps:
1> generate a random value (timestamp) token on the original form page
2> the token value into the session on the original form page
3> the token value into the hidden field on the original form page
1>> in the target Servlet of the form submission, gets the token values in the session and hidden fields
2>> Compare two values: Accept the request if it is consistent and clear the token value in the session
If the 3>> is inconsistent, respond directly to the hint: repeat the submission.
SERVLET/JSP-07 Session Application: Avoid duplicate submissions of forms