This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes Question on Synchronizer token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Question on Synchronizer token" Watch "Question on Synchronizer token" New topic

Question on Synchronizer token

Kalichar Rangantittu
Ranch Hand

Joined: Jan 15, 2002
Posts: 240
I am using a DispatchAction in my application. I would also like to use the saveToken() isTokenValid() functionality provided by struts.

After a saveToken() call, the resulting page that is displayed has the token of the form <input type="hidden" name="org...TOKEN" value="@$@$@45#$%"/>

When the form is submitted, the action that checks for isTokenValid(request) fails. Why would this occur?

Never be satisfied with anything less than the best and you will surely pass the test...
Dileep Kamath

Joined: Jul 15, 2006
Posts: 19
Please try to print the session attribute stored against org.apache.struts.Globals.TRANSACTION_TOKEN_KEY and see if it matches with the one in the html source.
It is sorta covered in the JavaRanch Style Guide.
subject: Question on Synchronizer token
Similar Threads
Double submit problem
form resubmission
How do I use tokens to prevent user from multiple submission
defect in struts token mechanism to handle multiple submit
Preventing multiple posts...with popup windows in the mix