I am using the Synchronized token pattern for avoiding double submits. But I am a little confused about the difference between 'Saving a Token' and 'Reseting a Token'. I would really appreciate if anybody could shed some light on what the exact difference is between the following methods:
I only have a few minutes...so let's see if I can explain this. During the action that displays your edit page, you call the saveToken method. This generated a new token and saves it on the session (the html:form tag detects this value and stores it as a hidden value on your html form). During the action that saves your data, you call the isTokenValid method. This method checks that the value submitted matches the token saved on the session. If the token is valid, then you should call resetToken. This clears the token on the session. Now if the user submits the page again, the token on the session will be cleared so the second call to isTokenValid will fail.
Does that help?
Edited to say that I do not think you have to call resetToken if you pass true in as the second parameter to isTokenValid.