Three programs that avoid Form repeated submission in web applications

zhaozj2021-02-16  91

The first two use JavaScript, which is the reference implementation in the case of using struts.

1 JavaScript, set a variable, only allowed to be submitted once.

"Javascript"> var checkSubmitFlg = false; function checkSubmit () {if (checkSubmitFlg == true) {return false;} checkSubmitFlg = true; return true;} document.ondblclick = function docondblclick () {window.event.returnValue = false } Document.onClick = function doconclick () {if (checksubmitflg) {WINDOW.EVENT.RETURNVALUE = false;}}

2 or JavaScript, set the submit button or Image to disable

"myAction.do" method = "post" οnsubmit = "getelbyid ('submitinput'). Disabled = true; return true;"> "Submitinput" src = "images / ok_b.gif" border = "0" />

3 Using Struts synchronous token mechanism

With the synchronous token mechanism to solve the problem of repeated submission in the web application, Struts also gives a reference implementation.

Fundamental:

The server side compares the token value included in the request with the token value included in the current user session before processing the request. After processing the request, and before replying to the client, a new token will be generated, which will replace the old token saved in the user session in addition to the client. This way, if the user retires to the submission page and submit it again, the token passed by the client is inconsistent with the token of the server, and effectively prevents the occurrence of repeated submission.

IF (ISTOKENVALID (Request, True) {// Your code Here Return mapping.findforward ("surcess");} else {savetoken (request); return maping.findforward ("submitagain");}

Struts generates a unique (for each session) token according to user session ID and current system time, and specific implementation can refer to the generateToken () method in the TokenProcessor class.

1. // Verify the transaction control token, automatically generates an implicit input representative token according to the SESSION to prevent twice to submit 2. In Action:

// // value = "6aa35341f25184fd996c4c918255c3ae"> if errors.add (ActionErrors.GLOBAL_ERROR, new ActionError ( "error.transaction.token")) (isTokenValid (request)!); ResetToken (request); // delete the session in Token 3. Action has such a method to generate a token

Protected string generateToken (httpservletRequest request) {

Httpsession session = request.getSession (); try {byte id [] = session.getid (). GetBytes (); byte now [] = new long (system.currenttimemillis ()). Tostring (). GetBytes (); messagedigest MD = MessageDigest.getInstance ("MD5"); md.Update (ID); md.Update (now); return (tohex (md.digest ()));} catch (IllegalStateExcection E) {return (null);} Catch (Nosuchalgorithmexception E) {return (null);}}

转载请注明原文地址:https://www.9cbs.com/read-12940.html

New Post(0)