• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java script disabling versus Token usage

 
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Disabling a submit button via javascript will not let a user submit the form more than once? The token mechanism is a server side check. What are the pros-cons of either approach?
 
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The rule of thumb is that any time you impose a restriction and rely on client-side code to enforce that restriction, you should also back up that restriction with server-side code. The reason for this is that users can turn off JavaScript on their browsers.

My advice, then, is to use both approaches.
 
Kalichar Rangantittu
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am a bit confused on the tokens.

For example,

Action 1:
saveToken() and forward to JSP

JSP :
Submit

Action 2:
if (tokenValid) {
resetToken();
doSaveOperation()
} else {

???
}

I am confused about the else. When the first submit has been performed, the action class starts processign the same. The second submit must not succeed, however, I dont want to send the user to some error page as they need to know the results of the first submit when it completes.

What am I missing here?
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In the "else" condition, just return an ActionForward that points back to the submitting JSP. That's it. No other processing.
 
Kalichar Rangantittu
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Merril,

Thanks for the assistance. However, I dont understand something. If I were to forward back to the calling page on the invalid token submit, then how will the user get notified of the success/failure of the first submission that had a valid token?

Thanks.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic