File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Preventing multiple posts...with popup windows in the mix Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Preventing multiple posts...with popup windows in the mix" Watch "Preventing multiple posts...with popup windows in the mix" New topic
Author

Preventing multiple posts...with popup windows in the mix

Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
First off, I just registered for this forum today. There seems to be a lot of knowledge Struts developers here and I have learned a few things looking around. Okay enough flattery...I saw the "Preventing multiple posts" FAQ entry and I wanted to ask a related question. This was an issue that I tried to solve a year or two ago, so my memory is a little rusty. BTW, I am (still) using Struts 1.1.

I wanted to hook up code to prevent multiple submissions. It seemed to work initially, but popup windows caused it to fail. When I say "popup windows" I am referring to an example such as a page where you can edit a person and when you click a link there is a popup window where you can edit a list of phone numbers. That is not a real example, but my project has a number of these popup windows.

So the flow is that the user is at the base edit page. This page is rendered with a TOKEN of "AAA". They click the link to bring up the child popup window. This page is rendered with a TOKEN of "BBB". The user clicks the Save button on the popup window and the call to isTokenValid works correctly. Now the user is back to the base page and they click the Save button. This time the call to isTokenValid fails because this page is submitted with a TOKEN of "AAA" but the popup window set the value on the session to "BBB".

Has anybody else had to deal with this issue? If so, how did you solve it?

BTW, one thing that I did that seemed like a good idea...well if the other part was working. I create a custom class derived from RequestActionMapping and added a property named synchronize that defaults to false. I then only set this to true for actions such as saves. In my base action class, I check this property and only call isTokenValid when it is true.

- Brent

(Edited to clarify text)
[ November 01, 2006: Message edited by: Brent Sterling ]
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
My solution to this would be to use the saveToken and isTokenValid methods more sparingly. If I'm opeing up a popup window that has a user enter an address that I'm just saving in the session to be added to the database later when all the other information is gathered, there's really no reason to do a saveToken before displaying that page. The user can resubmit all he wants, but it still isn't going to affect the outcome.

I only use saveToken before a page I know could save to the database, and I only check isTokenValid when such a page has been submitted.


Merrill
Consultant, Sima Solutions
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
Merrill:

Thanks for the tip. In most cases the popup window also saves to the database so ideally they would both call saveToken and isTokenValid. Right now every action calls saveToken, but only certain actions call isTokenValid. The action knows if it is a parent window or a child window, so maybe there is something that I could do in the save of the child window that would reset the token on the session. hmmm....

- Brent
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
This issue (preventing multiple submissions) has bubbled back to the surface. Does anybody have other ideas this time around? I am thinking about abandoning the Struts token processing and just going with a client JavaScript solution. The application requires JavaScript to be enabled and we only need to support a recent version of IE so this seems like a doable approach. (plus I am still not clear the best way to handle the case where isValidToken return false).

- Brent
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Preventing multiple posts...with popup windows in the mix