Three solutions to avoid repeated submission of JSP form

Time:2021-7-25

1 JavaScript, set a variable, and only one submission is allowed.
  <script language=”javascript”>
   var checksubmitflg = false;
   function checksubmit() {
   if (checksubmitflg == true) {
   return false;
   }
   checksubmitflg = true;
   return true;
   }
   document.ondblclick = function docondblclick() {
   window.event.returnvalue = false;
   }
   document.onclick = function doconclick() {
   if (checksubmitflg) {
   window.event.returnvalue = false;
   }
   }
  </script>
  <html:form action=”myaction.do” method=”post” onsubmit=”return checksubmit();”>  
2 or JavaScript, set the submit button or image to disable
   <html:form action=”myaction.do” method=”post”
   onsubmit=”getelbyid(‘submitinput’).disabled = true; return true;”>   
   <html:image styleid=”submitinput” src=”images/ok_b.gif” border=”0″ /> 
   </html:form>  
3 using struts synchronization token mechanism
The reference token mechanism in struts is also used to solve the problem of token synchronization.
Basic principle:
Before processing the incoming request, the server will compare the token value contained in the request with the token value saved in the current user session to see if it matches. After the request is processed and before the reply is sent to the client, a new token will be generated. In addition to passing it to the client, the token will also replace the old token saved in the user session. In this way, if the user returns to the previous submission page and submits again, the token transmitted by the client is inconsistent with the token from the server, which effectively prevents repeated submission.  
  if (istokenvalid(request, true)) {
   // your code here
   return mapping.findforward(“success”);
  } else {
   savetoken(request);
   return mapping.findforward(“submitagain”);
  } 
Struts generates a unique token (for each session) according to the user session ID and the current system time. For the specific implementation, please refer to the generatetoken () method in the tokenprocessor class.   
1. / / verify the transaction control token, < HTML: Form > will automatically generate an implicit input token according to the ID in the session to prevent two submissions
2. In action:
   //<input type=”hidden” name=”org.apache.struts.taglib.html.token”
   // value=”6aa35341f25184fd996c4c918255c3ae”>
   if (!istokenvalid(request))
   errors.add(actionerrors.global_error,
   new actionerror(“error.transaction.token”));
   resettoken(request); // Delete token in session
3. Action has such a method to generate tokens
   protected string generatetoken(httpservletrequest request) {  
   httpsession session = request.getsession();
   try {
   byte id[] = session.getid().getbytes();
   byte now[] = new long(system.currenttimemillis()).tostring().getbytes();
   messagedigest md = messagedigest.getinstance(“md5”);
   md.update(id);
   md.update(now);
   return (tohex(md.digest()));
   } catch (illegalstateexception e) {
   return (null);
   } catch (nosuchalgorithmexception e) {
   return (null);
   }
   }

Recommended Today

Implementation example of go operation etcd

etcdIt is an open-source, distributed key value pair data storage system, which provides shared configuration, service registration and discovery. This paper mainly introduces the installation and use of etcd. Etcdetcd introduction etcdIt is an open source and highly available distributed key value storage system developed with go language, which can be used to configure sharing […]