*
The moose likes Servlets and the fly likes restricting the clicling on submit button several times. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "restricting the clicling on submit button several times." Watch "restricting the clicling on submit button several times." New topic
Author

restricting the clicling on submit button several times.

rama rajesh
Greenhorn

Joined: Jun 22, 2010
Posts: 28
hi,

how can we restrict the cliking of the "submit" button several times. i know oneway disabling the "submit" button after first click.
But if anyone knows it programmatically, please let me know(any otherway of restricting the clicking of submit button).
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
You can include a unique (maybe numeric) token as part of the request. The server can then check if a form submit for that token has already happened, and -if it has- not process the request. The tokens sent to the client need to be tracked on the server, so that any URL manipulation on the client can also be detected.
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

You can include a unique (maybe numeric) token as part of the request.

( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??


Save India From Corruption - Anna Hazare.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30537
    
150

Ravi Kiran Va wrote:
You can include a unique (maybe numeric) token as part of the request.

( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??

Not hardcode, but code. One typically uses a filter or framework to add the token to every page as it renders. This works for JSP pages, but not HTML pages.

The OWASP CSRF filter actually uses the technique, but to solve a different problem. They generate one token for the session and all requests must have it. That way someone can't impersonate the user by stealing their links.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Thanks Jeanne ,
It was interesting to know this new point for me .

One typically uses a filter or framework to add the token to every page as it renders.


But typically , whats your advice on as how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??


Thanks .

Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

After 10 days of patience


how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??


I dont want to use any sessionTokienizer for this .I want to manually code this

Could any body please take some time to answer my question .
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I don't understand your question. What do you mean by "Filter Generated Code would be dynamic for every page" - filters are applied to requests, they are not associated with pages.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Paul ,
What do i mean is that , as i want to avoid duplicate submission from a single page , so for this purpose the String that was generated by the request should be known by the controller to validate if its a first request or not ??

Thanks .
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: restricting the clicling on submit button several times.