Hello!
What is the recommended practice (or just a good one :) for the problem
with multiple windows with regards to tokens?
Case:
(1) A user goes to /createPost.do, which displays a form for creating
a post, in window 1. The transaction token is reset.
(2) While editing the new post in window 1, the user goes to
/createPost.do to create another post in a new browser windows (which
resets the token).
(3) The user posts the form in window 1, which now has an invalid token?
We are thinking about the following solutions:
(1) Use several token id:s per session and pass around the token id
for each browser window as a request parameter (or as a wild-card in the
action path).
(2) Pass all form fields as hidden parameters, possibly by creating
support for generating all the necessary hidden tags.
Both of these methods require us to override certain struts methods.
Opinions and suggestions?
Regards
Fredrik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
