Apr 24, 2007

Handle duplicate form submission

The problem of duplicate form submission arises when a user clicks the Submit button more than once before the response is sent back or when a client accesses a view by returning to a previously bookmarked page. This may result in inconsistent transactions and must be avoided. In our sample application, a similar problem will arise if the customer clicks the submit button more than once while submitting the purchase order.

In Struts, this problem can be handled with the saveToken() and isTokenValid() methods of the Action class. saveToken() creates a token (a unique string) and saves it in the user's current session, while isTokenValid() checks whether the token stored in the user's current session is the same as the one passed as a request parameter.

To do this, the JSP has to be loaded through an Action. Before loading the JSP, call saveToken() to save the token in the user's session. When the form is submitted, check the submitted token against the one in the session by calling isTokenValid(), as shown in the following code snippet:

Listing 3: Using saveToken() and isTokenValid()

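import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;

public class PurchaseOrderAction extends DispatchAction
{
    public ActionForward load(ActionMapping mapping,
                              ActionForm form,
                              HttpServletRequest request,
                              HttpServletResponse response) throws Exception
    {
        try
        {
            // save the token in the user's session before the form is rendered
            saveToken(request);

            // rest of the code for loading the form
        }
        catch (Exception ex)
        {
            // handle the exception
        }
        // "success" is an assumed forward name; use the one from struts-config.xml
        return mapping.findForward("success");
    }

    public ActionForward submitOrder(ActionMapping mapping,
                                     ActionForm form,
                                     HttpServletRequest request,
                                     HttpServletResponse response) throws Exception
    {
        try
        {
            // check the token. Proceed only if token is valid.
            // The second argument (true) resets the session token so it cannot be reused.
            if (isTokenValid(request, true)) {
                // implement order submit functionality here
            } else {
                return mapping.findForward("failure");
            }
        }
        catch (Exception ex)
        {
            // handle the exception
        }
        // "success" is an assumed forward name; use the one from struts-config.xml
        return mapping.findForward("success");
    }
}
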
If you don't use <html:form>, add this hidden field to the JSP so that the token is submitted with the form:
<input type="hidden" name="<%=Constants.TOKEN_KEY %>" value="<%=session.getAttribute(Globals.TRANSACTION_TOKEN_KEY) %>">
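
As an added illustration (not code from the original post or from Struts itself), the sketch below shows the check-and-reset logic that makes a second click fail, with a plain Map standing in for HttpSession. The class name TokenDemo, the key demo.TRANSACTION_TOKEN and the SecureRandom-based token format are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class TokenDemo {
    // Hypothetical session attribute name (Struts stores its token under Globals.TRANSACTION_TOKEN_KEY).
    static final String TOKEN_KEY = "demo.TRANSACTION_TOKEN";
    private static final SecureRandom RNG = new SecureRandom();

    // Counterpart of saveToken(): create an unpredictable token and store it in the session.
    static synchronized String saveToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        session.put(TOKEN_KEY, hex.toString());
        return hex.toString();
    }

    // Counterpart of isTokenValid(request, true): both methods lock on the class, so two
    // concurrent submits cannot both read the token before one of them resets it.
    static synchronized boolean isTokenValid(Map<String, Object> session, String submitted, boolean reset) {
        String saved = (String) session.get(TOKEN_KEY);
        if (saved == null) return false;            // no form was loaded, or the token was already consumed
        if (reset) session.remove(TOKEN_KEY);       // one-time use: consume before comparing
        if (submitted == null) return false;        // hidden field missing from the request
        // Constant-time comparison of the stored and submitted values.
        return MessageDigest.isEqual(saved.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed stand-in for HttpSession
        String token = saveToken(session);               // the "load" step: value rendered in the hidden field
        System.out.println("first submit:  " + isTokenValid(session, token, true));
        System.out.println("second click:  " + isTokenValid(session, token, true));
        saveToken(session);                              // form loaded again, new token issued
        System.out.println("stale token:   " + isTokenValid(session, token, true));
        System.out.println("missing field: " + isTokenValid(session, null, true));
    }
}
```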