Disabling a submit button via javascript will not let a user submit the form more than once? The token mechanism is a server side check. What are the pros-cons of either approach?
Never be satisfied with anything less than the best and you will surely pass the test...
Merrill Higginson
Ranch Hand
Joined: Feb 15, 2005
Posts: 4864
posted
0
The rule of thumb is that any time you impose a restriction and rely on client-side code to enforce that restriction, you should also back up that restriction with server-side code. The reason for this is that users can turn off JavaScript on their browsers.
Action 2: if (tokenValid) { resetToken(); doSaveOperation() } else {
??? }
I am confused about the else. When the first submit has been performed, the action class starts processign the same. The second submit must not succeed, however, I dont want to send the user to some error page as they need to know the results of the first submit when it completes.
What am I missing here?
Merrill Higginson
Ranch Hand
Joined: Feb 15, 2005
Posts: 4864
posted
0
In the "else" condition, just return an ActionForward that points back to the submitting JSP. That's it. No other processing.
Kalichar Rangantittu
Ranch Hand
Joined: Jan 15, 2002
Posts: 240
posted
0
Hi Merril,
Thanks for the assistance. However, I dont understand something. If I were to forward back to the calling page on the invalid token submit, then how will the user get notified of the success/failure of the first submission that had a valid token?
Thanks.
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to
run our stuff on 16 servers instead of 3.
0
