Homemade token -> prevent repeated submission from refresh & back

Source: Internet
Author: User

First, distinguish two concepts: preventing repeated submission and preventing duplicate data entry. Preventing duplicate data entry is the database's job; in Java EE this is done through JDBC or Hibernate. Preventing repeated submission is the job of the controller and view layers.

------------------------------------------- I am a glorious splitting line --------------------------------------------

The token can be used to prevent repeated submission. The relevant methods are:
    protected String generateToken(HttpServletRequest request): creates a token.
    protected boolean isTokenValid(HttpServletRequest request): checks whether the token is valid.
    protected boolean isTokenValid(HttpServletRequest request, boolean reset): checks whether the token is valid and resets the token (if reset is true).
    protected void resetToken(HttpServletRequest request): resets the token.
    protected void saveToken(HttpServletRequest request): adds a token.

The Struts token mechanism effectively solves the problem of repeated form submission. The basic principle is:

Before processing a request (the Action's execute() method handles the request), the server compares the token value contained in the request with the token value saved in the current user's session and checks whether they match. After the request is processed, and before the reply is sent to the client, a new token is generated. This token is sent to the client and also replaces the old token saved in the user's session. In this way, if the user goes back to the submission page and submits the request again, the token sent by the client no longer matches the token held on the server, which effectively prevents repeated submission.

In this case, there are two points:

First, the request must carry the token value. The token is placed in the request the same way other information is kept on a page, in a hidden field, in the following format:

    <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="6aa35341f25184fd996c4c918255c3ae">

This value is produced by generateToken() in the TokenProcessor class and is calculated from the current user's session ID and the current time as a long value.

Second, after the client submits the request, we need to check whether the token in the request matches the token on the server. Because the server generates a new token each time a request is submitted, a repeated submission carries a token value that differs from the server's. The following uses inserting a row into the database as an example of how to prevent repeated submission.

Take my testcase system as an example

In the Action's queryAll() method we need to save the token so that it is rendered on the page. This takes a single statement: saveToken(request). The only reason the token is added in queryAll() is that queryAll() is the method that precedes my insert() method; that is, queryAll() must run before an insert request is handled.

    public ActionForward queryAll(...) {
        saveToken(req); // Add a token to avoid repeated submission in insert.
        ...
    }

In the Action's insert() method, we compare the token value in the form with the token value on the server, as shown below:

    public ActionForward insert(...) {
        // Determine whether the token is valid and reset the token
        if (isTokenValid(req, true)) {
            ...
        }
        ...
    }

------------------------------------------- I am a glorious splitting line --------------------------------------------

This is a pure JSP example. It does not use an Action, to help you understand the token mechanism. (The token is applicable to non-Struts projects.)

The principle of the Struts token is: generate a token --> display the token value in a hidden field of the form --> on submission, compare the token value of the hidden field with the token value saved by the system; if they match, the submission is not a repeat, otherwise it is a repeated submission --> clear the token value.

That is the principle. In fact, the token value is saved as a session attribute. So you only need to do two things to use the Struts token function. Create two pages: insertdata.jsp (used to submit the form) and savedata.jsp (receives the form values).

    <!-- insertdata.jsp -->
    <%
        // Generate a token and store it in the session.
        org.apache.struts.util.TokenProcessor.getInstance().saveToken(request);
    %>
    <form action="savedata.jsp" method="post">
        <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="<%= session.getAttribute("org.apache.struts.action.TOKEN") %>"/>
        <input type="text" name="username"/>
        <input type="text" name="password"/>
        <input type="submit" value="Submit"/>
    </form>

    <!-- savedata.jsp -->
    <%
        // Simulate slow processing so there is time to submit the form twice.
        Thread.sleep(3000);
        String username = null;
        String password = null;
        // Compare the submitted token with the session token and reset it.
        if (org.apache.struts.util.TokenProcessor.getInstance().isTokenValid(request, true)) {
            username = request.getParameter("username");
            password = request.getParameter("password");
            // Demo output only; do not write real passwords to the log.
            System.out.println("********** Username:" + username);
            System.out.println("********** password:" + password);
            // The token was already reset by isTokenValid(request, true) above.
            org.apache.struts.util.TokenProcessor.getInstance().resetToken(request);
        } else {
            // Repeated submission: store a fresh token and report the error.
            org.apache.struts.util.TokenProcessor.getInstance().saveToken(request);
            System.out.println("error");
        }
    %>

The saveToken method generates a token value and stores it in the session under the name org.apache.struts.action.TOKEN.

isTokenValid(request, true) checks whether the submitted token value is the same as the value in the session. Passing true resets the token once the check has been made, so that only one submission is accepted.

------------------------------------------- I am a glorious splitting line --------------------------------------------

Struts has a complete token mechanism to prevent repeated form submission. If you do not use the Struts framework, however, you need to write the token handling yourself to prevent the user from resubmitting the form by going back or refreshing.

Implementation principle: consistency. When a JSP generates a form, it inserts a hidden <input> field into the form. This field holds the token string, which is both stored on the page and saved to the session. When the user submits the form, the hidden token string is submitted with it. The server checks whether the session contains a string equal to the submitted token. If it does, the form is being submitted for the first time: the token string is deleted from the session and the normal business logic then runs. If it does not, the form is a repeated submission and is handled as an exception; you can show a warning or do nothing.

    package edu.hust.common;

    import java.util.ArrayList;
    import javax.servlet.http.HttpSession;

    public class Token {
        // Name of the hidden form field that carries the token.
        public static final String TOKEN = "token";

        // The token is the current time in milliseconds, as a string.
        public static String generateToken() {
            return Long.toString(System.currentTimeMillis());
        }

        // Generate a token, remember it in the session and return it for the form.
        public static String getToken(HttpSession session) {
            String token = generateToken();
            saveToken(session, token);
            return token;
        }

        public static synchronized void saveToken(HttpSession session, String token) {
            ArrayList<String> tokenList = getTokenList(session);
            tokenList.add(token);
            session.setAttribute("tokenlist", tokenList);
        }

        @SuppressWarnings("unchecked")
        public static ArrayList<String> getTokenList(HttpSession session) {
            Object obj = session.getAttribute("tokenlist");
            if (obj != null) {
                return (ArrayList<String>) obj;
            } else {
                return new ArrayList<String>();
            }
        }

        // synchronized so that two simultaneous submissions cannot both pass the contains() check.
        public static synchronized boolean isTokenValid(HttpSession session, String token) {
            boolean isValid = false;
            if (session != null) {
                ArrayList<String> tokenList = getTokenList(session);
                // If tokenList contains the token (the long value generated for one form page), it has not yet been removed by tokenList.remove(token), so this is the first time it is processed.
                // If tokenList does not contain the token, it has already been removed by tokenList.remove(token), so this is a repeated operation.
                if (tokenList.contains(token)) {
                    isValid = true;
                    tokenList.remove(token);
                }
            }
            return isValid;
        }
    }

The following are two test pages:

    <!-- insert.jsp -->
    <%@ page import="edu.hust.common.Token" %>
    <form action="Action.jsp" method="get">
        <input name="name">
        <input type="hidden" name="<%= Token.TOKEN %>" value="<%= Token.getToken(session) %>">
        <input type="submit" value="Submit">
    </form>

    <!-- Action.jsp -->
    <%@ page contentType="text/html; charset=GBK" %>
    <%@ page import="edu.hust.common.Token" %>
    <%
        String name = request.getParameter("name");
        String token = request.getParameter(Token.TOKEN);
        System.out.println(token);
        if (Token.isTokenValid(session, token)) {
    %>
        <%-- Perform insert() and other operations --%>
    <%
        } else {
    %>
        <%-- Repeated submission --%>
    <%
        }
    %>
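
The rule described above (accept the first submission, delete the token, reject any replay) only holds if the check and the delete happen as one atomic step, which matters when a double click sends two requests at the same moment. The following is an added example, not code from the original article: a servlet-free Java 8+ class in which a concurrent set stands in for the session's token list, a SecureRandom value replaces the timestamp token, and several threads simulate the double click. The names OneTimeTokenDemo, issue, consume and acceptedOutOf are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
public class OneTimeTokenDemo {
    // Stand-in for the token list kept in one user's HttpSession (assumption:
    // no servlet container, so a concurrent set plays the session's role).
    private final Set<String> pending = ConcurrentHashMap.newKeySet();
    private final SecureRandom random = new SecureRandom();

    // Form rendered: issue an unpredictable token and remember it.
    public String issue() {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.add(token);
        return token;
    }

    // Form submitted: remove() checks and deletes in one atomic step,
    // so at most one caller per token ever gets true.
    public boolean consume(String token) {
        return token != null && pending.remove(token);
    }

    // Simulated double click: n threads submit the same token at once
    // and the method returns how many of them were accepted.
    static int acceptedOutOf(int n) throws InterruptedException {
        OneTimeTokenDemo store = new OneTimeTokenDemo();
        String token = store.issue();
        AtomicInteger accepted = new AtomicInteger();
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(n);
        for (int i = 0; i < n; i++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                if (store.consume(token)) accepted.incrementAndGet();
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        return accepted.get();
    }
    public static void main(String[] args) throws InterruptedException {
        OneTimeTokenDemo store = new OneTimeTokenDemo();
        String t = store.issue();
        System.out.println("first=" + store.consume(t) + " replay=" + store.consume(t));
        System.out.println("accepted of 8 concurrent submits: " + acceptedOutOf(8));
    }
}
```

In a real JSP or servlet the set would be stored as a session attribute, and the business logic (the insert) runs only when consume returns true.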
