This week's book giveaway is in the Java in General forum. We're giving away four copies of Think Java: How to Think Like a Computer Scientist and have Allen B. Downey & Chris Mayfield on-line! See this thread for details.
What is the best practice on using isTokenValid()? Does one use if for all form posts to check for duplicate or only on those that issue a transaction like Save or Update? In other words does a search need to use the token checking on form post?
Never be satisfied with anything less than the best and you will surely pass the test...
posted 9 years ago
I say there's no point in dealing with the overhead of tokens in situations where it doesn't really matter if the user submits twice. In a search, there's no real harm done if there's a double submit.