aspose file tools*
The moose likes Struts and the fly likes Java script disabling versus Token usage Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Java script disabling versus Token usage" Watch "Java script disabling versus Token usage" New topic
Author

Java script disabling versus Token usage

Kalichar Rangantittu
Ranch Hand

Joined: Jan 15, 2002
Posts: 240
Hi,

Disabling a submit button via javascript will not let a user submit the form more than once? The token mechanism is a server side check. What are the pros-cons of either approach?


Never be satisfied with anything less than the best and you will surely pass the test...
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
The rule of thumb is that any time you impose a restriction and rely on client-side code to enforce that restriction, you should also back up that restriction with server-side code. The reason for this is that users can turn off JavaScript on their browsers.

My advice, then, is to use both approaches.


Merrill
Consultant, Sima Solutions
Kalichar Rangantittu
Ranch Hand

Joined: Jan 15, 2002
Posts: 240
I am a bit confused on the tokens.

For example,

Action 1:
saveToken() and forward to JSP

JSP :
Submit

Action 2:
if (tokenValid) {
resetToken();
doSaveOperation()
} else {

???
}

I am confused about the else. When the first submit has been performed, the action class starts processign the same. The second submit must not succeed, however, I dont want to send the user to some error page as they need to know the results of the first submit when it completes.

What am I missing here?
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
In the "else" condition, just return an ActionForward that points back to the submitting JSP. That's it. No other processing.
Kalichar Rangantittu
Ranch Hand

Joined: Jan 15, 2002
Posts: 240
Hi Merril,

Thanks for the assistance. However, I dont understand something. If I were to forward back to the calling page on the invalid token submit, then how will the user get notified of the success/failure of the first submission that had a valid token?

Thanks.
 
jQuery in Action, 2nd edition
 
subject: Java script disabling versus Token usage