File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

restricting the clicling on submit button several times.

 
rama rajesh
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

how can we restrict the cliking of the "submit" button several times. i know oneway disabling the "submit" button after first click.
But if anyone knows it programmatically, please let me know(any otherway of restricting the clicking of submit button).
 
Lester Burnham
Rancher
Posts: 1337
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can include a unique (maybe numeric) token as part of the request. The server can then check if a form submit for that token has already happened, and -if it has- not process the request. The tokens sent to the client need to be tracked on the server, so that any URL manipulation on the client can also be detected.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can include a unique (maybe numeric) token as part of the request.

( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 33691
316
Eclipse IDE Java VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ravi Kiran Va wrote:
You can include a unique (maybe numeric) token as part of the request.

( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??

Not hardcode, but code. One typically uses a filter or framework to add the token to every page as it renders. This works for JSP pages, but not HTML pages.

The OWASP CSRF filter actually uses the technique, but to solve a different problem. They generate one token for the session and all requests must have it. That way someone can't impersonate the user by stealing their links.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jeanne ,
It was interesting to know this new point for me .

One typically uses a filter or framework to add the token to every page as it renders.


But typically , whats your advice on as how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??


Thanks .

 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After 10 days of patience


how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??


I dont want to use any sessionTokienizer for this .I want to manually code this

Could any body please take some time to answer my question .
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't understand your question. What do you mean by "Filter Generated Code would be dynamic for every page" - filters are applied to requests, they are not associated with pages.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul ,
What do i mean is that , as i want to avoid duplicate submission from a single page , so for this purpose the String that was generated by the request should be known by the controller to validate if its a first request or not ??

Thanks .
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic