You need to just look at the code and get the idea. The idea is that you
have to have tokens that match. One token is kept in the session. Another
token is kept in the request. The Action class has three methods that are
important: isTokenValid(request), resetToken(request) and
saveToken(request). When you are going to a page that has a form you want
to protect, you need to run it through an action and call the saveToken
method. This puts a token into the session. You cannot put a token into
the request from the Action class. When you do this, IF YOU USE
<html:form>, the token gets put into the request as a HIDDEN FORM
FIELD. After you check whether a token is valid, you should reset the
token. There are lots of good explanations of this in more detail. On
tokens, I recommend the one in "The Struts Framework: Practical Guide for
Programmers", by Sue Spielman. Sue is a great teacher, as are other
authors of Struts books.
Michael
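
The flow described in the message above, sketched as an added example (not code from the thread or from the Struts project). The class name `RecordAction`, the forward names `form`, `list` and `duplicate`, and the use of `DispatchAction` to hold both steps in one class are assumptions; `saveToken`, `isTokenValid` and `resetToken` are the `Action` methods named in the message.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;

// Hypothetical action: names and forwards are assumptions, not from the thread.
public class RecordAction extends DispatchAction {

    // Step 1: route the user through this method before the form is shown.
    public ActionForward edit(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Stores a fresh token in the session. The JSP behind "form" must
        // use <html:form>, which writes the token as a hidden field.
        saveToken(request);
        return mapping.findForward("form");
    }

    // Step 2: the form posts here with the hidden token in the request.
    public ActionForward save(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Compares the token in the request with the one in the session.
        // A browser refresh or a second submit of the same page fails here,
        // because the session token was reset by the first submit.
        if (!isTokenValid(request)) {
            return mapping.findForward("duplicate");
        }
        // Reset immediately after the check so the token is single-use.
        resetToken(request);

        // The application's own save logic goes here; it now runs at most
        // once per token issued by edit().

        // Forward to the list screen, whose last action is a fetch.
        return mapping.findForward("list");
    }
}
```
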
At 11:45 PM 6/20/2004, [EMAIL PROTECTED] wrote:
Hi Mike,
We are aware that the transactional token needs to be used for this purpose.
But we don't know the details thereof.
Need some more info on that.
Searched a lot but could not find any details.
Had tried the resetToken method of the Action class but nothing happened.
Suhash
mike <[EMAIL PROTECTED]>
06/21/2004 12:02 PM
Please respond to: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>, "Struts Users Mailing List" <[EMAIL PROTECTED]>
cc:
Subject: Re: How to handle refresh
This is somewhat impossible to answer without more information, but the
basic idea is probably to not allow records to be saved with a refresh or a
resubmittal of a form through the use of a token in your action classes.
At 11:22 PM 6/20/2004, [EMAIL PROTECTED] wrote:
>Hi all,
>
> We wish to customise the behaviour of IE refresh by just making
> it fetch the latest data from the db.
> It works fine in list and edit screens where the last action
> was a fetch.
> But if the user has previously saved a record, refresh causes
> the save action to be executed once again, contrary to what we wish to
> achieve.
> Is there any way in which we customise this behaviour?
>
>
>TIA,
>
>Suhash
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]