如果用戶回退到剛才的提交頁面并再次提交的話,客戶端傳過來的令牌就和服務器端的令牌不一致,從而有效地防止了重復提交的發生。//驗證事務控制令牌,會自動根據session中標識生成一個隱含input代表令牌,防止兩次提交。
在JSP/Servlet中可以
JSP頁面
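// SynchroToken.java
package com.lims.util;

import java.math.BigInteger;
import java.security.SecureRandom;

import org.apache.struts.util.*;
import javax.servlet.http.*;
import javax.servlet.jsp.*;
import org.apache.struts.action.*;

/**
 * Title: SynchroToken
 * Description: Single-use form token (synchronizer token) helper. A page asks
 * for a token with {@link #getToken}, embeds it in a hidden input named
 * {@link #TOKEN_NAME}, and the handling action calls {@link #checkToken}.
 * The token is kept in the HTTP session and is accepted exactly once, so a
 * resubmitted or replayed form is rejected.
 * Copyright: Copyright (c) 2004
 * Company: NetStar
 * @author Jstar
 * @version 1.0
 * Created in 2004/04/21
 */
public class SynchroToken {

    /** Name of both the request parameter and the session attribute holding the token. */
    public final static java.lang.String TOKEN_NAME = "_token";

    /** Source of unpredictable token values; a timestamp can be guessed by a third party. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Guards the compare-and-consume step so two simultaneous submissions of
     * the same form cannot both pass. It only covers one JVM; a clustered
     * deployment still relies on the session store for ordering.
     */
    private static final Object LOCK = new Object();

    /**
     * Validates the token submitted with the request against the one issued
     * for this session, and consumes it on success.
     *
     * @param request the current request; its {@code _token} parameter is read
     * @return {@code true} only when a token was issued for the session, the
     *         submitted value matches it, and it has not been used before
     */
    public static boolean checkToken(HttpServletRequest request) {
        String formToken = request.getParameter(TOKEN_NAME);
        if (formToken == null) {
            return false;
        }
        HttpSession session = request.getSession();
        synchronized (LOCK) {
            Object issued = session.getAttribute(TOKEN_NAME);
            // Nothing issued, or already consumed by an earlier submission.
            if (!(issued instanceof String)) {
                return false;
            }
            if (!sameToken((String) issued, formToken)) {
                // Keep the issued token: a mismatching request must not be
                // able to invalidate the legitimate user's pending form.
                return false;
            }
            // Single use: a back-button resubmission finds no token and fails.
            session.removeAttribute(TOKEN_NAME);
            return true;
        }
    }

    /**
     * Issues a fresh token for the session and returns it for embedding in the
     * form. Any token issued earlier for the same session is replaced, so only
     * the most recently rendered form can be submitted.
     *
     * @param request the current request; a session is created if none exists
     * @return the new token value (hexadecimal text from 128 random bits)
     */
    public static String getToken(HttpServletRequest request) {
        String token = new BigInteger(128, RANDOM).toString(16);
        // getSession() creates the session when needed, so it is never null here.
        HttpSession session = request.getSession();
        synchronized (LOCK) {
            session.setAttribute(TOKEN_NAME, token);
        }
        return token;
    }

    /**
     * Returns the name used for the token parameter and session attribute.
     *
     * @return {@link #TOKEN_NAME}
     */
    final static java.lang.String getTOKEN_NAME() {
        return TOKEN_NAME;
    }

    /**
     * Looks up a message by key through Struts {@code RequestUtils.message},
     * passing {@code null} for the bundle and locale arguments.
     *
     * @param pageContext the JSP page context of the caller
     * @param key the message key
     * @return the value returned by {@code RequestUtils.message}
     * @throws JspException if the lookup fails
     */
    public static String message(PageContext pageContext, String key) throws JspException {
        return RequestUtils.message(pageContext, null, null, key);
    }

    /** Compares two tokens without stopping at the first differing character. */
    private static boolean sameToken(String expected, String actual) {
        if (expected.length() != actual.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }
}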