restricting the clicling on submit button several times.
rama rajesh
Greenhorn
Joined: Jun 22, 2010
Posts: 28
posted
0
hi,
how can we restrict the cliking of the "submit" button several times. i know oneway disabling the "submit" button after first click.
But if anyone knows it programmatically, please let me know(any otherway of restricting the clicking of submit button).
Lester Burnham
Rancher
Joined: Oct 14, 2008
Posts: 1337
posted
0
You can include a unique (maybe numeric) token as part of the request. The server can then check if a form submit for that token has already happened, and -if it has- not process the request. The tokens sent to the client need to be tracked on the server, so that any URL manipulation on the client can also be detected.
You can include a unique (maybe numeric) token as part of the request.
( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??
You can include a unique (maybe numeric) token as part of the request.
( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??
Not hardcode, but code. One typically uses a filter or framework to add the token to every page as it renders. This works for JSP pages, but not HTML pages.
The OWASP CSRF filter actually uses the technique, but to solve a different problem. They generate one token for the session and all requests must have it. That way someone can't impersonate the user by stealing their links.
Thanks Jeanne ,
It was interesting to know this new point for me .
One typically uses a filter or framework to add the token to every page as it renders.
But typically , whats your advice on as how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??
how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??
I dont want to use any sessionTokienizer for this .I want to manually code this
Could any body please take some time to answer my question .
I don't understand your question. What do you mean by "Filter Generated Code would be dynamic for every page" - filters are applied to requests, they are not associated with pages.
Paul ,
What do i mean is that , as i want to avoid duplicate submission from a single page , so for this purpose the String that was generated by the request should be known by the controller to validate if its a first request or not ??
0
