Three methods for JSP to avoid repeated Form submission

1. javascript. Set a variable and submit it only once.

<Script language = "javascript">

Var checkSubmitFlg = false;

Function checkSubmit (){

If (checkSubmitFlg = true ){

Return false;

}

CheckSubmitFlg = true;

Return true;

}

Document. ondblclick = function docondblclick (){

Window. event. returnValue = false;

}

Document. onclick = function doconclick (){

If (checkSubmitFlg ){

Window. event. returnValue = false;

}

}

</Script>

　　

<Html: form action = "myAction. do" method = "post" onsubmit = "return checkSubmit ();">

2 or javascript. Set the submit button or image to disable.

<Html: form action = "myAction. do" method = "post"

Onsubmit = "getElById ('submitinput'). disabled = true; return true;">

<Html: image styleId = "submitInput" src = "images/OK _ B .gif" border = "0"/>

</Html: form>

3. Use the struts synchronization token mechanism

The synchronization Token mechanism is used to solve the problem of repeated submission in Web applications. Struts also provides a reference implementation.

Basic Principles:

Before processing the incoming request, the server compares the token value contained in the request with the token value saved in the current user session to see if it matches. After the request is processed and the reply is sent to the client, a new token will be generated. In addition to sending the token to the client, the old token saved in the user session is also replaced. In this way, if the user goes back to the submission page and submits the request again, the token sent from the client is inconsistent with the token sent from the server, effectively preventing repeated submission.

If (isTokenValid (request, true )){

// Your code here

Return mapping. findForward ("success ");

} Else {

SaveToken (request );

Return mapping. findForward ("submitagain ");

}

Struts generates a unique (for each session) token based on the user session ID and the current system time. For details, refer to the generateToken () method in the TokenProcessor class.

1. // verify the transaction control token.

2. In action:

// <Input type = "hidden" name = "org.apache.struts.taglib.html. TOKEN"

// Value = "6aa35341f25184fd996c4c918255c3ae">

If (! IsTokenValid (request ))

Errors. add (ActionErrors. GLOBAL_ERROR,

New ActionError ("error. transaction. token "));

ResetToken (request); // Delete the token in the session

3. action has such a method to generate a token

Protected String generateToken (HttpServletRequest request ){

HttpSession session = request. getSession ();

Try {

Byte id [] = session. getId (). getBytes ();

Byte now [] =

New Long (System. currentTimeMillis (). toString (). getBytes ();

MessageDigest md = MessageDigest. getInstance ("MD5 ");

Md. update (id );

Md. update (now );

Return (toHex (md. digest ()));

} Catch (IllegalStateException e ){

Return (null );

} Catch (NoSuchAlgorithmException e ){

Return (null );

}

}