I see.
You have a form for adding new users.
When you submit this form, it adds the user, then clears the fields and
redisplays the form ready for another user to be added. After saving
the record you create the new token so that the next user can be added.
When you detect that the form is submi
token is saved if checking is OK.
saveMessages (request, actionMessages);
saveToken(request);
addUserProfileForm.reset(mapping, request);
return mapping.findForward("success");
I add saveToken() right after resetToken() in order to do testing.
The result is
do you call saveToken() anywhere? After the resetToken() perhaps?
It sounds like the following is happening:
1. server generates page with token A, page with token A submitted
2. token A is valid, record saved, tokenReset() called, saveToken()
called creating token B
3. user presses back button,
When a page is displayed with a token,
data is inputted into the form.
Clicking the submit button will save a record.
Then click back previous page.
Click the submit button again.
Invalid token is detected as expected
Error message displays on top of the page.
However I find the token is changed.
4 matches
Mail list logo
