Why would you need an artificial token, if you can create a robust
system using your own data model? Instead of verifying that a request
was or was not yet submitted, you would verify that the actual data is or
is not there. I think the latter approach is more logical and robust.

Michael.

On 11/10/05, Martin Gainty <[EMAIL PROTECTED]> wrote:
> Good Morning Jadeler-
>
> I would suggest taking a look at what is happening underneath the hood e.g.
> @1 Struts will generate a unique value (the token) and keep it in the
> session context
> @2 When the JSP is rendered, Struts inserts the unique value (token) as a
> hidden field
> @3 The hidden field token is submitted along with the rest of the form and
> isValidToken() checks the value that came in with the current request
> against the value that was saved in the session context by the most recent
> saveToken() call.
> If the two token values match, the submission is valid.
>
> explanation courtesy of Junilu Lacar
>
> I hope this helps you out,
>
> Anyone else ???
>
> Martin Gainty
>
> (mobile) 617-852-7822
>
> >
> >Jadeler,
> >
> >If you are using Struts, in your class you can use the saveToken() method and
> >the isValidToken() method to revalidate the request. More detail you can get
> >from the Struts site.
> >
> >hope it helps
> >Sunil
> >
> >Jadeler <[EMAIL PROTECTED]>
> >11/10/2005 01:05 PM
> >Please respond to "Struts Users Mailing List" <user@struts.apache.org>
> >
> >To: user@struts.apache.org
> >Subject: Preventing users from resubmitting payment screen
> >
> >I wanted to find out any recommendations in handling
> >successful payments where the user is redirected to a
> >receipt screen after a successful payment transaction.
> >Basically, I need to prevent users from resubmitting
> >the payment screen again via clicking on the browser
> >back button, etc., or via other means.
> >
> >Thanks.
> >
> >Jadeler
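
The two approaches discussed in this thread, combined in one sketch (an added example, not code from any poster or from the Struts project). It uses the Struts 1 `Action` methods `saveToken(request)` and `isTokenValid(request, reset)`; the `PaymentStore` interface, the `paymentStore` and `currentOrderId` attribute names, and the `paymentForm` and `receipt` forwards are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class PaymentActions {

    /** Hypothetical stand-in for the application's own data model. */
    public interface PaymentStore {
        boolean isPaid(String orderId);
        void charge(String orderId); // assumed to be atomic per order
    }

    /** Mapped to the URL that displays the payment JSP. */
    public static class ShowForm extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response) {
            // Store a fresh token in the session; the <html:form> tag on the
            // JSP writes the same value into a hidden field.
            saveToken(request);
            return mapping.findForward("paymentForm");
        }
    }

    /** Mapped to the URL the payment form posts to. */
    public static class Submit extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response) {
            // Order id comes from the session (assumed attribute), not from the client.
            String orderId = (String) request.getSession().getAttribute("currentOrderId");
            PaymentStore store = (PaymentStore) getServlet()
                    .getServletContext().getAttribute("paymentStore");

            // Data-model check: an order that is already paid is never charged again.
            if (store.isPaid(orderId)) {
                return mapping.findForward("receipt");
            }
            // Token check: compare the submitted token with the session copy and
            // clear it (reset = true), so a replay of the same form no longer matches.
            if (!isTokenValid(request, true)) {
                saveToken(request); // issue a new token and show the form again
                return mapping.findForward("paymentForm");
            }
            store.charge(orderId);
            return mapping.findForward("receipt");
        }
    }
}
```

Declaring the `receipt` forward with `redirect="true"` in struts-config.xml makes the browser's back and reload buttons repeat a GET of the receipt rather than the payment POST.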
