aspose file tools*
The moose likes OO, Patterns, UML and Refactoring and the fly likes How good is PRG (POST/REDIRECT/GET) pattern in avoiding duplicate form submission? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » OO, Patterns, UML and Refactoring
Bookmark "How good is PRG (POST/REDIRECT/GET) pattern in avoiding duplicate form submission?" Watch "How good is PRG (POST/REDIRECT/GET) pattern in avoiding duplicate form submission?" New topic
Author

How good is PRG (POST/REDIRECT/GET) pattern in avoiding duplicate form submission?

Ravi C Kota
Ranch Hand

Joined: Jan 29, 2008
Posts: 61
Hello fellow ranchers,

I was reading through PRG Pattern for avoiding the duplicate form submission and wanted to get some practical advantages, disadvantages of this pattern, if any body has used it. From the diagrams that were given in the post, I see that duplicate submission can be avoided, if the duplicate submission is made during/after redirect is done. But how about a duplicate submission that happens, even before a redirect is initiated.

What are the other ways to avoid duplicate submission. Some of the solutions, which I saw, implemented are as follows

1) disabling the submit button, but a back button would enable it.
2) Using a flag for the entire session, based on which the button is enabled/disabled.
3) Verification and comparision of the data that is being submitted to the already existing one. This is absolutely inefficient in most real time cases, as it increases the time complexity. But still a solution, though not an efficient.


Can some one give me more possible solutions, that can be implemented and how can PRG be leveraged.

[edit by Roberto Perillo: changing POST/REDIRECT/GOOD in the subject to POST/REDIRECT/GET to avoid misunderstandings]


Thanks & Regards, Ravi C.Kota
SCJP 5.0, OCDJWS 5.0
Karthik Shiraly
Ranch Hand

Joined: Apr 04, 2009
Posts: 475
    
    3
There's the Synchronizer Token pattern which is a core JavaEE pattern, and implemented by popular MVC frameworks like Struts.
Briefly, a token t1 is generated, stored in session, and included in the JSP <form>.
When user submits form, the servlet/action/controller checks that the token it got in the POST request matches the one in its session.
If it matches, it resets the token to a new value t2, and proceeds to complete the request.

Now if user presses submit again, the form contains t1 but the session already has t2. Abort the request.
If user presses Back after the PRG, assuming browser has cached the page, the page will again contain t1. Abort the request.
If user presses Refresh after the PRG, page will now contain new token t2 and the request will go through.

I use combination of disabling button (javascript) and sync token provided by the framework.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60059
    
  65

PRG = Post/Redirect/Get


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ravi C Kota
Ranch Hand

Joined: Jan 29, 2008
Posts: 61
Bear Bibeault wrote:PRG = Post/Redirect/Get


Yes, It was a typo.... too quick on my keyboard... I apologize.
Ravi C Kota
Ranch Hand

Joined: Jan 29, 2008
Posts: 61
Karthik Shiraly wrote:There's the Synchronizer Token pattern which is a core JavaEE pattern, and implemented by popular MVC frameworks like Struts.
Briefly, a token t1 is generated, stored in session, and included in the JSP <form>.
When user submits form, the servlet/action/controller checks that the token it got in the POST request matches the one in its session.
If it matches, it resets the token to a new value t2, and proceeds to complete the request.

Now if user presses submit again, the form contains t1 but the session already has t2. Abort the request.
If user presses Back after the PRG, assuming browser has cached the page, the page will again contain t1. Abort the request.
If user presses Refresh after the PRG, page will now contain new token t2 and the request will go through.

I use combination of disabling button (javascript) and sync token provided by the framework.


Thanks Karthik
Elchin Asgarli
Ranch Hand

Joined: Mar 08, 2010
Posts: 222

I always thought of this pattern as something that should be normally done to comply with MVC 2. So is it a different pattern or some kind of "subpattern" of MVC 2?


Personal page, SCJP 6 with 91%, SCWCD 5 with 84%, OCMJD
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How good is PRG (POST/REDIRECT/GET) pattern in avoiding duplicate form submission?
 
Similar Threads
Which one Get or Post?
Synchronized token patteren in J2EE
Removing HttpServletRequest parameters
Problem of resubmisson in struts2
Different Types of Redirect techniques that are used in Struts2