Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Server-side check for back button

 
L Duperval
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm scouring the 'net trying to find a solution for this, but I haven't seen anything that fits the bill yet.

I need to ensure that:

  • my application has only one point of entry
  • there is no double posting
  • the user cannot use the Back button for anything that requires posting data


  • I'm stuck with Struts 1.1 for now. I'm looking for a solution that
  • Doesn't require subclassing a different type of action
  • Doesn't require patching the struts.xml file since we have a pretty rigid structure we have to follow
  • Doesn't require the use of cookies, javascriptor anything else that can be disabled by the user


  • Any ideas or suggestions are most welcome.

    Thanks.

    L
     
    s penumudi
    Ranch Hand
    Posts: 113
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    There is a J2ee Design Pattern which you can use to get rid of some/all of your problems.

    I guess the pattern name is called "Token Syncronization". I am sorry I cannot recall exact name of the pattern.

    This pattern is used to handle multiple form submissions. I guess this can be used for back button Issue.

    This is how it works. Application should maintain a token (any unique number) in the user session. This value should also be maintained in the user interface as an hidden field. So, when user submits the form, from your Action class check if the value returned by the hidden field is same as the value in the user session. If both values match, then user is submitting that form for the first time. Soon after you check the value update the value in the user session. Now, when user clicks on back button and resubmits the form, the value that was sent by user does not match with the value in user session. In which case you may not process request or return error message to user saying request is already submitted.

    If someone bookmark that page and later try to access that page, then check for the validity of the user session. If he has invalid session then redirect him to your login page.

    If you can browse through sun web site you might find some example for this approach.

    Hope this helps. Do let us know if you have a better solution to your problem.
     
    It is sorta covered in the JavaRanch Style Guide.
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic