First off, I just registered for this forum today. There seems to be a lot of knowledge Struts developers here and I have learned a few things looking around. Okay enough flattery...I saw the "Preventing multiple posts" FAQ entry and I wanted to ask a related question. This was an issue that I tried to solve a year or two ago, so my memory is a little rusty. BTW, I am (still) using Struts 1.1.
I wanted to hook up code to prevent multiple submissions. It seemed to work initially, but popup windows caused it to fail. When I say "popup windows" I am referring to an example such as a page where you can edit a person and when you click a link there is a popup window where you can edit a list of phone numbers. That is not a real example, but my project has a number of these popup windows.
So the flow is that the user is at the base edit page. This page is rendered with a TOKEN of "AAA". They click the link to bring up the child popup window. This page is rendered with a TOKEN of "BBB". The user clicks the Save button on the popup window and the call to isTokenValid works correctly. Now the user is back to the base page and they click the Save button. This time the call to isTokenValid fails because this page is submitted with a TOKEN of "AAA" but the popup window set the value on the session to "BBB".
Has anybody else had to deal with this issue? If so, how did you solve it?
BTW, one thing that I did that seemed like a good idea...well if the other part was working. I create a custom class derived from RequestActionMapping and added a property named synchronize that defaults to false. I then only set this to true for actions such as saves. In my base action class, I check this property and only call isTokenValid when it is true.
(Edited to clarify text) [ November 01, 2006: Message edited by: Brent Sterling ]
My solution to this would be to use the saveToken and isTokenValid methods more sparingly. If I'm opeing up a popup window that has a user enter an address that I'm just saving in the session to be added to the database later when all the other information is gathered, there's really no reason to do a saveToken before displaying that page. The user can resubmit all he wants, but it still isn't going to affect the outcome.
I only use saveToken before a page I know could save to the database, and I only check isTokenValid when such a page has been submitted.
Thanks for the tip. In most cases the popup window also saves to the database so ideally they would both call saveToken and isTokenValid. Right now every action calls saveToken, but only certain actions call isTokenValid. The action knows if it is a parent window or a child window, so maybe there is something that I could do in the save of the child window that would reset the token on the session. hmmm....
Joined: Feb 08, 2006