This may be overkill for your particular situation but one technique you can
use is to embed an incrementing or random token in the user's session. For
example :
-----customerMaint.jsp-----
<%
int token = (random number);
session.putValue("token", ""+token);
%>
<form action="/servlet/SaveServlet">
<input type=hidden name=token value=<%=token%> >
...
</form>
-------SaveServlet--------
String sessionToken = session.getValue("token");
String formToken = request.getParameter("token");
// generate new token value
session.putValue("token", (some other number or null or something) );
// make sure the token that came through on the submit is the same one that
was assigned in the session earlier
if(sessionToken.equals(formToken))
// do save
else
// ignore or display error
The basic idea is to have some unique value stored in the session which is
also placed in the form. Upon submission you require that the submitted
value is the same as the session value. Then invalidate the value in the
session (by changing it to a different number or removing it entirely) so
the next time the form values are submitted (e.g. by refresh) it won't match
and thus will be rejected.
The initial token setting could also be done prior to customerMaint.jsp if
you wanted (i.e. in the page or servlet that initially links to
customerMaint.jsp).
Hope that helps,
Brien Voorhees
Invest.com
----- Original Message -----
From: "Matt Krevs" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Wednesday, July 12, 2000 4:11 PM
Subject: forward Vs redirect. Stopping multiple form submits
> I have an intranet website that has a lot of display/edit/delete
> functionality using forms.
>
> For example - to create a new customer the user would open
> customerMaint.jsp, enter the details and click submit.
>
> Clicking submit calls a servlet (lets call it SaveServlet) that saves the
> details. This servlet then forwards to customerMaint.jsp to display the
> saved details.
>
> Unfortunately (for me anyway), after the forward, the URL in the browser
is
> still SaveServlet. Consequently, if the user refreshes the browser (hits
F5
> in IE), the form is resubmitted and hey presto we now have 2 customers
with
> the same details.
>
> I'm sure I'm not the only person to have this problem. How are others
> handling this situation?
>
> ie open page -> submit form -> forward to initial page with saved
details ->
> stop the user from resubmitting the original form.
>
> I have played around with sendredirect but there are quite a few
limitations
> I cant get around - namely
>
> 1. its slower than doing a forward
> 2. the request parameters arent automatically passed to the sendRedirected
> page. You have to do it manually.
> 3. if you have a very large parameter there is no nice way to send to to
the
> sendRedirected page (eg like a POST). For example we save details by
> building up an xml string and sending it as a form parameter. This string
> can get very long and cant really be tacked on to the end of the query
> string in the url when sendRedirect is called.
>
> Anyone have any bright ideas? Any help appreciated.
>
> Thanks
> Matt
>
>
>
