Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Struts and the fly likes Problem with token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Problem with token" Watch "Problem with token" New topic
Author

Problem with token

Michael Brown
Greenhorn

Joined: May 05, 2008
Posts: 27
Hi to all!

I have an action in which I enter some data that are about to be inserted into Database.
Let's call it NewTransaction.action

When I click on the button "save" , it opens action DoInsert.action which does the actual insert.

Now, this is how my DoInsert action looks in struts.xml:


Here is my problem:

When entering data in NewTransaction.action , sometimes I need to open a new window and insert some data in order to select it in NewTransaction.action.
But, when I try to save NewTransaction.action , invalid.token error occures!

I tried this by opening a link in a new window with


And it really opens in new window, it saves, but later I cannot save my NewTransaction...

How can I prevent this?

David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Is it working if you don't open the new window?

My guess would be that since the tokens are generated on a session level that there's an entirely new token in the new window (since it's a new request), which basically blasts away the old one from the original window. I can't think of a trivial way around this, if that's what's actually wrong.
Michael Brown
Greenhorn

Joined: May 05, 2008
Posts: 27
David Newton wrote:Is it working if you don't open the new window?

My guess would be that since the tokens are generated on a session level that there's an entirely new token in the new window (since it's a new request), which basically blasts away the old one from the original window. I can't think of a trivial way around this, if that's what's actually wrong.


Hi David!

Yes, if I don't open a new window and enter some data in it, it work just fine...

I cannot believe that there is no solution for this kind of situation when someone needs to open a LOV ( list of values ) while entering some data in a JSP, and eventually sometimes add data to this LOV and then select a row from it in order to complete main transaction...

David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

You could look in to how Seam supports multiple conversations per-session and see if you could implement something like that.

Most people don't open a new window just to add some additional data, especially in these days of Ajax etc. If you understand the session-based token mechanism, you can understand why your approach won't work with the default mechanism. Why not just disable the submit button onclick--that way you don't need session tokens at all. IMO they're more trouble than it's worth, and we haven't brought up what happens when the user opens another browser window or tab--bye bye session tokens.
 
GeeCON Prague 2014
 
subject: Problem with token