Three scenarios for avoiding form duplication submission in Web applications

web| Repeat | The first two types of repetition are the use of JavaScript, followed by a reference implementation with struts:

　　 1, JavaScript, set a variable, only allowed to submit once.

<script language= "JavaScript" > var checksubmitflg = false; function Checksubmit () { if (Checksubmitflg = = true) {return false; } CHECKSUBMITFLG = true; return true; } Document.ondblclick = function Docondblclick () { window.event.returnValue = false; } Document.onclick = function Doconclick () { if (CHECKSUBMITFLG) { Window.event.returnValue = false; } } </script>

　　 2, or JavaScript, the submit button or image to the Disable



　　 3, the use of struts synchronization token mechanism

Using the synchronization token (Token) mechanism to solve the problem of repeated submissions in Web applications, struts also gives a reference implementation.

Basic principle:

The server side compares the token value contained in the request to the token value saved in the current user session before processing the incoming request.

See if it matches. After the request has been processed, and before the reply is sent to the client, a new token is generated, which, in addition to passing to the

Client, the old token that is saved in the user's session is also replaced. This way if the user returns to the previous submission page and again

If submitted, the token from the client is inconsistent with the server-side token, effectively preventing the recurrence of the commit.

if (Istokenvalid (request, True)) { //Your code here return Mapping.findforward ("Success");} else{ Savetoken (request); Return Mapping.findforward ("Submitagain");

Struts generates a unique (for each session) token based on the user's session ID and current system time, and the implementation can refer to the Generatetoken () method in the Tokenprocessor class.

1.//Verify the transaction control token, --> Automatically generates an implied input token from the session identifier to prevent two submissions

2. In action:

<input type= "hidden" name= "Org.apache.struts.taglib.html.TOKEN" //Value= " 6aa35341f25184fd996c4c918255c3ae "> if (!istokenvalid (Request)) Errors.add (Actionerrors.global_error, New Actionerror ("Error.transaction.token")); Resettoken (request); Remove tokens from session

3. Action has such a method of generating tokens

Protected String Generatetoken (HttpServletRequest request) { HttpSession session = request.getsession (); Try { byte id[] = session.getid (). GetBytes (); byte now[] = new Long (System.currenttimemillis ()). ToString (). GetBytes (); MessageDigest MD = messagedigest.getinstance ("MD5"); Md.update (ID); Md.update (now); Return (Tohex (Md.digest ())); } catch (IllegalStateException e) {return (null); } catch (NoSuchAlgorithmException e) { return (null); }