Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java script disabling versus Token usage

 
Kalichar Rangantittu
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Disabling a submit button via javascript will not let a user submit the form more than once? The token mechanism is a server side check. What are the pros-cons of either approach?
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The rule of thumb is that any time you impose a restriction and rely on client-side code to enforce that restriction, you should also back up that restriction with server-side code. The reason for this is that users can turn off JavaScript on their browsers.

My advice, then, is to use both approaches.
 
Kalichar Rangantittu
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am a bit confused on the tokens.

For example,

Action 1:
saveToken() and forward to JSP

JSP :
Submit

Action 2:
if (tokenValid) {
resetToken();
doSaveOperation()
} else {

???
}

I am confused about the else. When the first submit has been performed, the action class starts processign the same. The second submit must not succeed, however, I dont want to send the user to some error page as they need to know the results of the first submit when it completes.

What am I missing here?
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In the "else" condition, just return an ActionForward that points back to the submitting JSP. That's it. No other processing.
 
Kalichar Rangantittu
Ranch Hand
Posts: 240
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Merril,

Thanks for the assistance. However, I dont understand something. If I were to forward back to the calling page on the invalid token submit, then how will the user get notified of the success/failure of the first submission that had a valid token?

Thanks.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic