| Author |
Difference Between saveToken and resetToken
|
Dhwaj Kuul
Greenhorn
Joined: Jul 10, 2006
Posts: 7
|
|
I am using the Synchronized token pattern for avoiding double submits.
But I am a little confused about the difference between 'Saving a Token' and 'Reseting a Token'. I would really appreciate if anybody could shed some light on what the exact difference is between the following methods:
resetToken(HttpServletRequest) /
isTokenValid(HttpServletRequest, true)
And
saveToken(HttpServletRequest)
|
 |
Brent Sterling
Ranch Hand
Joined: Feb 08, 2006
Posts: 948
|
|
I only have a few minutes...so let's see if I can explain this. During the action that displays your edit page, you call the saveToken method. This generated a new token and saves it on the session (the html:form tag detects this value and stores it as a hidden value on your html form). During the action that saves your data, you call the isTokenValid method. This method checks that the value submitted matches the token saved on the session. If the token is valid, then you should call resetToken. This clears the token on the session. Now if the user submits the page again, the token on the session will be cleared so the second call to isTokenValid will fail.
Does that help?
Edited to say that I do not think you have to call resetToken if you pass true in as the second parameter to isTokenValid.
- Brent
[ September 26, 2006: Message edited by: Brent Sterling ]
|
|
Dhwaj Kuul
Greenhorn
Joined: Jul 10, 2006
Posts: 7
|
|
Ok Cool!! just summarizing -
reset token only clears the token in the session
while
save token actually generates a new token and saves it in the session.
I hope I have understood it right.
Thanks a lot Brent.
- Dhwaj
|
|
 |
|
|
subject: Difference Between saveToken and resetToken
|
|
|
0
