Re: tokens creating a field in my forms
On 11/20/2003 11:44 AM Raphaël di Cicco wrote: I understand how tokens work. I'm currently modifying my application to use tokens every time possible. The thing is that I'm doing validation with javascript on my JSPs, and very often checking form elements with the index. When using token, struts creates a form element at index 0, so every validation I do is not working anymore since everything is reindexed by 1. I would like the struts form to place the token at the end of the form. Is that possible? Hi Raphael, without looking at the source code I can't definitely say that it is impossible, but it is highly unlikely. Technically speaking you would be better off referring to your fields in javascript by id, rather than by index, since this situation with tokens is not the only one that will give you this problem. However I realise this will not be helpful to you if you have already finished the javascript code! Sorry :( Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens
Is there a complete end-to-end example of proper saveToken() isTokenValid() usage anywhere? (there should be) Regards, Rich -Original Message- From: Jason Lea [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 10:16 PM To: Struts Users Mailing List Subject: Re: Tokens The Struts saveToken() isTokenValid() methods save a token so that double submits are detected and can be dealt with. Just disabling the submit button won't stop a user submitting and then refreshing the page (which submits the same info twice) or going back in their history and clicking submit on an earlier page. Geeta Ramani wrote: Gurpreet: Don't mean to jump in if you already have found a good solution, but wouldn't it be simpler to just not allow the user to press the submit btton twice? It is easy (using Javascript) to disable a submit button once it has already been pressed.. Regards, Geeta Mainguy, Mike wrote: Call saveToken() in GET (or read) Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate returns false [bad token]) worse is better -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:19 PM To: Struts Users Mailing List Subject: Re: Tokens hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Am Freitag, 21. November 2003 16:46 schrieb Richard J. Duncan: Is there a complete end-to-end example of proper saveToken() isTokenValid() usage anywhere? (there should be) Check out the Struts Example application that comes with Struts. Then, tokens are explained best in Struts in Action (one paragraph, IIRC). No, three, and on p. 295. So the index is wrong which says p. 287. Anyway. When you're about to start a transaction, say saveToken(request) somewhere in your Action. From then on, Struts forms will automatically be aware of the Token and deliver it along with each request. When using html:link, set the transaction attribute to 'true' to have them behave likewise. When it finally comes to applying permanent changes to the Model (backend, database, EIS, whatever) which you want to happen only once, check for the token before entering the code in question by calling isTokenValid(request). If it's there, proceed, if not, branch to some error page or just ignore the (second) attempt . If the token is valid, execute he backend code and call resetToken(request) to enable possible subsequent transactions. If the user has pressed the 'Send' button twice in-between, the second request will fail because of the isTokenValid(request) check, and once you say resetToken(request), the token won't be valid anymore. Until you generate a new transaction via saveToken(), but that a different one, then. Regards, Rich HTH, -- Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tokens creating a field in my forms
OK, I was thinking the same thing. Referring to fields by id is better but less convenient when all your fields are accessed by maps therefore their names is something like formProp(Foo.foo.fooo). - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:48 AM Subject: Re: tokens creating a field in my forms On 11/20/2003 11:44 AM Raphaël di Cicco wrote: I understand how tokens work. I'm currently modifying my application to use tokens every time possible. The thing is that I'm doing validation with javascript on my JSPs, and very often checking form elements with the index. When using token, struts creates a form element at index 0, so every validation I do is not working anymore since everything is reindexed by 1. I would like the struts form to place the token at the end of the form. Is that possible? Hi Raphael, without looking at the source code I can't definitely say that it is impossible, but it is highly unlikely. Technically speaking you would be better off referring to your fields in javascript by id, rather than by index, since this situation with tokens is not the only one that will give you this problem. However I realise this will not be helpful to you if you have already finished the javascript code! Sorry :( Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens
Call saveToken() in GET (or read) Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate returns false [bad token]) worse is better -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:19 PM To: Struts Users Mailing List Subject: Re: Tokens hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - This message and its contents (to include attachments) are the property of Kmart Corporation (Kmart) and may contain confidential and proprietary information. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on information contained herein is strictly prohibited. Unauthorized use of information contained herein may subject you to civil and criminal prosecution and penalties. If you are not the intended recipient, you should delete this message immediately. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Gurpreet: Don't mean to jump in if you already have found a good solution, but wouldn't it be simpler to just not allow the user to press the submit btton twice? It is easy (using Javascript) to disable a submit button once it has already been pressed.. Regards, Geeta Mainguy, Mike wrote: Call saveToken() in GET (or read) Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate returns false [bad token]) worse is better -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:19 PM To: Struts Users Mailing List Subject: Re: Tokens hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - This message and its contents (to include attachments) are the property of Kmart Corporation (Kmart) and may contain confidential and proprietary information. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on information contained herein is strictly prohibited. Unauthorized use of information contained herein may subject you to civil and criminal prosecution and penalties. If you are not the intended recipient, you should delete this message immediately. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
The Struts saveToken() isTokenValid() methods save a token so that double submits are detected and can be dealt with. Just disabling the submit button won't stop a user submitting and then refreshing the page (which submits the same info twice) or going back in their history and clicking submit on an earlier page. Geeta Ramani wrote: Gurpreet: Don't mean to jump in if you already have found a good solution, but wouldn't it be simpler to just not allow the user to press the submit btton twice? It is easy (using Javascript) to disable a submit button once it has already been pressed.. Regards, Geeta Mainguy, Mike wrote: Call saveToken() in GET (or read) Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate returns false [bad token]) worse is better -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:19 PM To: Struts Users Mailing List Subject: Re: Tokens hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Oh, ok. I guess i was thinking of the more casual click-happy user who can be perhaps persuaded to see that overclicking is a bad thing.. But you're right: the scenario you describe can certainly occur for the more determined lets-break-this-code user..;) Thanks for setting me right..! Jason Lea wrote: The Struts saveToken() isTokenValid() methods save a token so that double submits are detected and can be dealt with. Just disabling the submit button won't stop a user submitting and then refreshing the page (which submits the same info twice) or going back in their history and clicking submit on an earlier page. Geeta Ramani wrote: Gurpreet: Don't mean to jump in if you already have found a good solution, but wouldn't it be simpler to just not allow the user to press the submit btton twice? It is easy (using Javascript) to disable a submit button once it has already been pressed.. Regards, Geeta Mainguy, Mike wrote: Call saveToken() in GET (or read) Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate returns false [bad token]) worse is better -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:19 PM To: Struts Users Mailing List Subject: Re: Tokens hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens
Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
hi Ramadoss Thanks for your help. But this is not i m looking for. I may not be able to explain my question proeprly . But i m looking for saveTOken() method implementation in struts which does not allow duplicate entry of records into the database when the user click on submit button twice. - Original Message - From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:56 PM Subject: RE: Tokens Hi Gurpreet, If what I understand is correct from your question, you can use split function the same way as you use String Token...following is sample snap shot String str = botherouioero:and:foroffo:mar:ssod:slave; String[] arr = str.split(:, 9); System.out.println(length of arr[] is: + arr.length); for (int i = 0; i arr.length; i++) { System.out.println(value is : + arr[i]); } String[] ar = str.split(o, 8); System.out.println(length of arr[] is: + ar.length); for (int i = 0; i ar.length; i++) { System.out.println(value is : + ar[i]); } Where the number 9 and 8 denotes number of occurences you want to consider after which it will be treated as whole single string and will be included into your String Array. Hope this help, -Ram -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 6:19 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Tokens hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tokens and set-property
The set-property applies to the ActionMapping, not the Action. You can subclass ActionMapping and add a useToken property to it. Then the action entity will need the className attribute set to your ActionMapping subclass. action className=com.blah.MyActionMapping path=blah... set-property property=useToken value=true/ /action -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 12:19 PM To: [EMAIL PROTECTED] Subject: tokens and set-property I'd like to use the set-property element of struts-config to tell my action whether to expect a token. For example, I have an action like this: action path=blah... set-property property=useToken value=true/ /action I'm using an abstract action subclass that itself is a superclass to my real actions. It contains a boolean useToken property. I also tries a String but it didn't matter. That property never gets set to what I specify in the struts-config file. Any suggestions? thanks john john gregg Wells Fargo Services Company Minneapolis, MN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tokens and set-property
Try to utilize the parameter in your action mapping. For loading action, parameter = load; for submission action, parameter = submit. Base action class logic: If parameter is load saveToken(request) If parameter is submit isTokenValid(request) submit resetToken(request) Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: Jerome Jacobsen [mailto:[EMAIL PROTECTED]] Sent: January 30, 2003 12:28 PM To: Struts Users Mailing List Subject: RE: tokens and set-property The set-property applies to the ActionMapping, not the Action. You can subclass ActionMapping and add a useToken property to it. Then the action entity will need the className attribute set to your ActionMapping subclass. action className=com.blah.MyActionMapping path=blah... set-property property=useToken value=true/ /action -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 12:19 PM To: [EMAIL PROTECTED] Subject: tokens and set-property I'd like to use the set-property element of struts-config to tell my action whether to expect a token. For example, I have an action like this: action path=blah... set-property property=useToken value=true/ /action I'm using an abstract action subclass that itself is a superclass to my real actions. It contains a boolean useToken property. I also tries a String but it didn't matter. That property never gets set to what I specify in the struts-config file. Any suggestions? thanks john john gregg Wells Fargo Services Company Minneapolis, MN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens - a simple explanation wanted
The basic idea for the use of token is to deny duplicate request submissions. How do we use it? When the user goes to a form for the first time, the saveToken methods needs to be called, this will create a token in the user's session and a matching request token in the request object which will be defined as a hidden parameter on the jsp page. Once the form is submitted, we will need to check whether the request and session token match by calling isTokenValid. This will return true and we now call the saveToken method once again thereby creating a new token in the user's session. If the user now clicks on the browser's back button the hidden (request) parameter on the old jsp page will not match the new session token that has just been created. If the user decides to resubmit the old form we will call the isTokenValid method and it will return false. Struts have created the following token methods. generateToken protected java.lang.String generateToken(javax.servlet.http.HttpServletRequest request) Generate a new transaction token, to be used for enforcing a single request for a particular transaction. Parameters: request - The request we are processing isTokenValid protected boolean isTokenValid(javax.servlet.http.HttpServletRequest request) Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances: * No session associated with this request * No transaction token saved in the session * No transaction token included as a request parameter * The included transaction token value does not match the transaction token in the user's session Parameters: request - The servlet request we are processing resetToken protected void resetToken(javax.servlet.http.HttpServletRequest request) Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted. Parameters: request - The servlet request we are processing saveToken protected void saveToken(javax.servlet.http.HttpServletRequest request) Save a new transaction token in the user's current session, creating a new session if necessary. Parameters: request - The servlet request we are processing -Original Message- From: David Bolsover [mailto:[EMAIL PROTECTED]] Sent: 06 December 2002 11:04 To: Struts User Subject: Tokens - a simple explanation wanted Hi Can anyone assist with a simple explanation of how Tokens work and their application within the Struts framework? I have read the docs and looked at the examples but still have problems understanding how (or if) Tokens solve the problem that arises when a user uses the browser back button and then re-submits a form for a second time. db -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens][2] Where can I find more information....
I think I will do just that. Mind you, then I´ll redirect everyone to my page :-P. Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 4:29 AM Subject: RE: [Tokens][2] Where can I find more information As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 22:22 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens][2] Where can I find more information....
LOL! That's ... that's ... LOL :-) Thanks for the good laugh ;-) Andrew Hill wrote: As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens] Where can I find more information....
ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 9:40 AM Subject: [Tokens] Where can I find more information Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great idea! So I had a look at the struts-example to find out what it´s about but to be honest I don´t understand exactly what is going on. I tried implementing the code almost exactly as it was done there and it keeps on telling me that my token is invalid. The problem I have here is that I don´t know what it means or what I have to do to correct this. 1. Does anyone know where I can find more information on these tokens? 2. Would it not be a good idea to include this in the struts-config action configuration, i.e. token=true? Any help would be really appreciated! Thanks, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 9:40 AM Subject: [Tokens] Where can I find more information Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great idea! So I had a look at the struts-example to find out what it´s about but to be honest I don´t understand exactly what is going on. I tried implementing the code almost exactly as it was done there and it keeps on telling me that my token is invalid. The problem I have here is that I don´t know what it means or what I have to do to correct this. 1. Does anyone know where I can find more information on these tokens? 2. Would it not be a good idea to include this in the struts-config action configuration, i.e. token=true? Any help would be really appreciated! Thanks, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 9:40 AM Subject: [Tokens] Where can I find more information Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great idea! So I had a look at the struts-example to find out what it´s about but to be honest I don´t understand exactly what is going on. I tried implementing the code almost exactly as it was done there and it keeps on telling me that my token is invalid. The problem I have here is that I don´t know what it means or what I have to do to correct this. 1. Does anyone know where I can find more information on these tokens? 2. Would it not be a good idea to include this in the struts-config action configuration, i.e. token=true? Any help would be really appreciated! Thanks, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201
RE: [Tokens][2] Where can I find more information....
Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 9:40 AM Subject: [Tokens] Where can I find more information Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great idea! So I had a look at the struts-example to find out what it´s about but to be honest I don´t understand exactly what is going on. I tried implementing the code almost exactly as it was done there and it keeps on telling me that my token is invalid. The problem I have here is that I don´t know what it means or what I have to do to correct this. 1. Does anyone know where I can find more information on these tokens? 2. Would it not be a good idea to include this in the struts-config action configuration, i.e. token=true? Any help would be really appreciated! Thanks, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED
RE: [Tokens][2] Where can I find more information....
Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 9:40 AM Subject: [Tokens] Where can I find more information Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great
Re: [Tokens][2] Where can I find more information....
Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token: === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing
RE: [Tokens][2] Where can I find more information....
I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users Mailing List Subject: Re: [Tokens] Where can I find more information ok, I found this which pretty much helped me understand what is going on: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html However I still have a problem: In my showProductsAction I have the line: saveToken(request); Then next option would be to click add to cart in which case I would go to the CartAction accordingly. In my CartAction I check the token
Re: [Tokens][2] Where can I find more information....
I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the myDB.do URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 17:25 To: Struts Users
Re: [Tokens][2] Where can I find more information....
For some reason I always get false when I question if the token is valid! Can anyone tell me what I´m doing wrong? Regards, Michael - Original Message - From: Michael Delamere [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:57 PM Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any
Constant session keys and multiple windows (WAS: RE: [Tokens][2] Where can I find more information....)
The application Im working on at the moment has a little support for multiple windows , but its not very good and only works at certain points (but remains there as its good for a few other things too). Basically I have an object which is an instance of class OperationContext. This object has attributes and a few other properties, and it gets stored in the session when an 'operation' starts. (An operation being a sort of workflow, like a wizard or even a normal form edit). The OperationContext is bound to a unique key in the session (this key is maintained in a single request parameter that needs to be submitted each time). One of the properties in this OperationContext is the ActionForm , and I've subclassed RequestProcessor to look for an actionForm in OperationContext if the form is session scoped (if it doesnt find one it reverts to normal handling of this). A neat trick I can do with the OperationContext is to 'stack' them. This allows me to divert from editing a form to editing another (ad infinitum) and when complete or cancelled return back to the parent operation in the same state is was before the diversion. This makes for some quite use by the user - much like wizards only more flexible. Of course OperationContext concept is good for classical wizards too. The downside to the operationContext is that is is binding stuff in the session, and as with any such objects stored in the session it is easy for them to be 'abandoned' as one never really knows if user is finished with them, leading to the session eating memory... (I do remove it when the operation is completed, but of course the user could go wandering before then and never come back...) Of course if the user opens another window on a page in the middle of an 'operation' the new page has the same operationContext id, so if they submit the first window, then try submitting the second they get an error for the second as the operationContext object was removed when the first page was submitted. Similar effect to using tokens but it emerged as a side effect so I dont think it quite as elegant. Id be interested to hear how other people approach these issues. Any comments? -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:21 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action
RE: [Tokens][2] Where can I find more information....
Yeh. Good point. Mind you , if we have no users, then we dont need a client side, so we could eliminate all that annoying validation, and rendering of the screen, and such like :-) -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:57 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The true parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also
Re: [Tokens][2] Where can I find more information....
ok, sod the users, who needs them anyway :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:49 PM Subject: RE: [Tokens][2] Where can I find more information Yeh. Good point. Mind you , if we have no users, then we dont need a client side, so we could eliminate all that annoying validation, and rendering of the screen, and such like :-) -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:57 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update
Re: [Tokens][2] Where can I find more information....
Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens][2] Where can I find more information....
to me there is no such requirement. :-) It depends on what you communicate to the customer and I´ll tend to not advise it :-). Regards, Michael - Original Message - From: Eddie Bush [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 4:22 PM Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
I might be mistaken but isn't that what is supposed to happen? snip === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! /snip snip if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } /snip Kris -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 6:57 AM To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true
RE: [Tokens][2] Where can I find more information....
Hi Kris, The first code snippet below is the correct one (I think??). I think the snippet on Teds site (second snippet below) *may* be wrong... Jon Ridgway -Original Message- From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 15:34 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information I might be mistaken but isn't that what is supposed to happen? snip === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! /snip snip if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } /snip Kris -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 6:57 AM To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input
RE: [Tokens][2] Where can I find more information....
hi Jon, My Bad... Just checked the api and looks like you are right. -Kris -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 10:49 AM To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Kris, The first code snippet below is the correct one (I think??). I think the snippet on Teds site (second snippet below) *may* be wrong... Jon Ridgway -Original Message- From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 15:34 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information I might be mistaken but isn't that what is supposed to happen? snip === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! /snip snip if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } /snip Kris -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 6:57 AM To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits
Re: [Tokens][2] Where can I find more information....
Did you check the HttpSession object? Is the session object same or always new? Jon.Ridgway wrote: Hi Kris, The first code snippet below is the correct one (I think??). I think the snippet on Teds site (second snippet below) *may* be wrong... Jon Ridgway -Original Message- From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 15:34 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information I might be mistaken but isn't that what is supposed to happen? snip === if (isTokenValid(request, true)) { System.out.println(TOKEN IS VALID); } else { System.out.println(TOKEN IS NO LONGER VALID); } === Is the above code assumption correct or am I misinterpreting something? Because when I submit add to cart I always jump into the else block! /snip snip if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } /snip Kris -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 6:57 AM To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward
RE: [Tokens][2] Where can I find more information....
As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 22:22 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: RE: Tokens
Jeff, saveToken() - puts a value into the session object keyed under the constant TRANSACTION_TOKEN_KEY. resetToken() - is used to remove the keyed value from the session Any time a struts form is used the tranaction token is embedded as a hidden field in the form. isTokenValid() only returns true if the token in the request matches the token in the session. Hope this helps. -Steve Knee, Jeff [EMAIL PROTECTED] wrote: Matt, The example is a bit oblique to me and the Action classes JavaDoc doesn't elaborate very well... FWIW, I only see it used in EditRegistrationAction SaveRegistrationAction with very little commenting. Is there a different example I shoud or location I should be looking at? However the code comment does say: // Set a transactional control token to prevent double posting Which is one of the things to look at in my evaluation because this was an issue I've had to deal with in all of the Servlet/JSP solutions I've done... Here is my guess as to what it does: Use saveToken() to stash away a hashcode (in the sesssion) of the current request. Use isTokenValid() to see if the saved hashcode matches the current request's hashcode... if so, this is a duplicate post so then the code should somehow produce the same response as last time? (I forget the math term... but basically have f(x) = f(f(x)).) Use resetToken() to remove the hashcode (from the session). (If so, why does it have a request parameter?) Are my assumptions correct? += Jeff Knee -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 01, 2001 2:01 AM To: Struts Users Mailing List Subject: Re: Tokens see the example app - they're used to track if the form has already been submitted and such (back button and reload button issues). --- Stanley Struts [EMAIL PROTECTED] wrote: Hi, what are tokens? Do any of you have a link of a page that discusses what are tokens and what is there use? Thanks! :) __ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tokens
see the example app - they're used to track if the form has already been submitted and such (back button and reload button issues). --- Stanley Struts [EMAIL PROTECTED] wrote: Hi, what are tokens? Do any of you have a link of a page that discusses what are tokens and what is there use? Thanks! :) __ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tokens?
Title: Message one would typically use tokens as a means to prevent the user from submitting a page twice when it is undesirable to do so...if u would like more info and some examples let me know -Original Message-From: Steven Leija [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 29, 2001 5:24 PMTo: 'Struts ([EMAIL PROTECTED])'Subject: Tokens? Hello All, I'm going over the Action javadocs and came across several methods that use the keyword of "token". The docs aren't very intuitive on what exactly defines a token. What do the token methods do? generateToken() resetToken() saveToken() isTokenValid() Have a good one, Steven ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **
RE: Tokens?
I'm interested for the code. Can you send me an examples please. Thank you very much -Original Message- From: Dudley Butt@i-Commerce Sent: Thu 8/30/2001 10:45 AM To: '[EMAIL PROTECTED]' Cc: Subject: RE: Tokens? one would typically use tokens as a means to prevent the user from submitting a page twice when it is undesirable to do so...if u would like more info and some examples let me know -Original Message- From: Steven Leija [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 5:24 PM To: 'Struts ([EMAIL PROTECTED])' Subject: Tokens? Hello All, I'm going over the Action javadocs and came across several methods that use the keyword of token. The docs aren't very intuitive on what exactly defines a token. What do the token methods do? generateToken() resetToken() saveToken() isTokenValid() Have a good one, Steven ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** winmail.dat