I only have a few minutes...so let's see if I can explain this. During the action that displays your edit page, you call the saveToken method. This generated a new token and saves it on the session (the html:form tag detects this value and stores it as a hidden value on your html form). During the action that saves your data, you call the isTokenValid method. This method checks that the value submitted matches the token saved on the session. If the token is valid, then
you should call resetToken. This clears the token on the session. Now if the user submits the page again, the token on the session will be cleared so the second call to isTokenValid will fail.
Does that help?
Edited to say that I do not think you have to call resetToken if you pass true in as the second parameter to isTokenValid.
- Brent
[ September 26, 2006: Message edited by: Brent Sterling ]