I think you will end up needing both the JavaScript and some server-side
check because there are actually two problems you are facing. The first
is if a panicky user repeatedly hits the 'Submit' button, sending multiple
requests to the server. This is the "race" condition you describe. It's
a pr
>>Works well when deployed in a trusted environment
>like intranet. (But
>>no server side protection...)
>
>You *always* need server side checking, even >in
"trusted" environments.
>Client side checking is a luxury for the user,
>nothing more.
Agree :-)
>
>>-There is no way to avoid ActionForm
Hi all thanks for your answers.
I was indeed talking about ActionForm (sorry we use
to call that a bean here :-)).
What I understand from our discussion is:
-Thant I Can use javascript to avoid duplicate submit:
Works well when deployed in a trusted environment like
intranet. (But no server s
Hi all thanks for your answers.
I was indeed talking about ActionForm (sorry we use
to call that a bean here :-)).
What I understand from our discussion is:
-Thant I Can use javascript to avoid duplicate submit:
Works well when deployed in a trusted environment like
intranet. (But no serv
- Original Message -
From: "David Gagnon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 17, 2003 3:23 PM
Subject: Re: Token in struts and session bean problem with the framework
?
>
> > >It's up to your Action to call the t
Does anyone know if we can automatically do these
checks now with the framework.
It is possible I am being too naive about this
functionality, but thought I should ask.
sandeep
--- David Graham <[EMAIL PROTECTED]> wrote:
>
> > > >It's up to your Action to call the token
> methods to
> > > >valid
This is very interesting and something I never thought
about.
Only one call to the back-end will ever be made, since
the token will be invalid.
You should check the token before the populate maybe?
I think it is the populate that is screwing up things.
Another reason to use form fields for all
You should use JavaScript to solve this.
Here's a sample function.
var bAlreadySubmitted = false;
function isAlreadySubmitted()
{
if (document.forms[0].elements[14].style) {
document.forms[0].elements[14].style.visibility='hidden';
}
if (!bAlreadySub
> >It's up to your Action to call the token methods to
> >validate the token and
> >forward the user to an appropriate page.
> >
>
I know, maybe I wasn't clear enough .. sorry :-)
What I'm saying is that if you use a
session bean, the content is modified even though the
token is invalid.. I thin
> >It's up to your Action to call the token methods to
> >validate the token and
> >forward the user to an appropriate page.
> >
>
I know, maybe I wasn't clear enough .. sorry :-)
What I'm saying is that if you use a
session bean, the content is modified even though the
token is invalid.. I
It's up to your Action to call the token methods to validate the token and
forward the user to an appropriate page.
David
Hi all,
If you have a session bean and you are using the
token framework to protect yourself again multiple
submit...
Let say a request with a bad token is post to th
Hi all,
If you have a session bean and you are using the
token framework to protect yourself again multiple
submit...
Let say a request with a bad token is post to the
server. The bean will be populated right ... even
if
the token is not valid. Is struts offers support to
che
Struts puts a locale attribute in the session, but that should remain
for the duration of the user's session. It's not something you should
worry about cleaning up. The container will take care of it when the
session times-out.
If you put an ActionForm in the session (not really recommended any
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 1:24 PM
To: [EMAIL PROTECTED]
Subject: Struts and session cleanup
Hi,
Can any one suggest what is the best practise for session clean up ? In
my opinion, Struts makes session clean up a mess. I understand that I can
use "scope" fo
Hi,
Can any one suggest what is the best practise for session clean up ? In
my opinion, Struts makes session clean up a mess. I understand that I can
use "scope" for session data. But, for global sessions, what is the good way
to clean sessions ?
Thanks,
_
Let's say I have the session timeout set to 2 minutes.
I have a struts action called before displaying a jsp.
If the processing of the struts action takes more than 2 minutes, can the session
timeout before the jsp is displayed?
Thanks,
Aymeric.
On Wed, 8 Jan 2003 [EMAIL PROTECTED] wrote:
> Date: Wed, 8 Jan 2003 09:32:39 +
> From: [EMAIL PROTECTED]
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: struts and session size
>
> I'm a newb to struts, investig
Afaik - you have to remove it yourself (in your action generally) when you
have finished with it.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 22:28
To: Struts Users Mailing List
Subject: Re: struts and session size
The one
ssion?
-Jordan
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 08, 2003 1:32 AM
Subject: struts and session size
> I'm a newb to struts, investigating it as a replacement to our home-grown
> framework. The big issues we&#x
george
I never had to solve the problem but I believe that maintaining a
session across machines can be problematic , at least with tomcat
3.*... Sorry i can be much help in a detailed way becuase I've never
tested this.. It could be nonesense, i'm not sure.. I'm sure they'll be
some package t
I'm aware that the developers USING struts have to be careful about how
much they put into session. We can control this. What I'm concerned about
is how much struts might be doing on its own, such as storing the locale.
A few things stored in session is ok, especially if they don't change with
ev
How many "things" you put in the session is up to you.. You basically
make strutures (arrays, maps and such forth) available to your
presentation layer by putting into the session, request or application
scope depending on what your "things" have to do..
Issues relating to session will have mo
I'm a newb to struts, investigating it as a replacement to our home-grown
framework. The big issues we're dealing with are scalability and fail-over
support. The combination of the two issues require that the session size
and number of objects remain small (and generally immutable) for
serializat
n as you have access to ActionMApping object
>
> there...
>
> regards,
> Shirish
>
> -Original Message-
> From: justin-struts [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 17, 2002 5:16 PM
> To: struts-user
> Cc: justin-struts
> Subject: Re: Str
esday, December 17, 2002 11:16 AM
To: 'Struts Users Mailing List'
Subject: Re: Struts and session
Hi Doug,
The filter does work with Struts - it just doesn't make use of it. Your
request goes through the filter even before the Struts ActionServlet is
invoked, so all of this happens
have access to ActionMApping object
there...
regards,
Shirish
-Original Message-
From: justin-struts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 17, 2002 5:16 PM
To: struts-user
Cc: justin-struts
Subject: Re: Struts and session
Hi Doug,
The filter does work with Struts - it just
rs Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 17, 2002 11:04 AM
Subject: Re: Struts and session
>
> Justin:
>
> Thank you for reply.
> That's a good idea. One more question, can filter works with struts?
> Doug
> Justin Ashworth <[EMAIL PRO
Doug Ogateter wrote:
> Thank you for reply.
> That's a good idea. One more question, can filter works with struts?
It's not about Struts, it's about your web container. Filters are hit before each and
every request, so they happen before any Struts components, servlets, or whatnot are
ever rea
hat back to the login
screen so that they go directly to it after login. I can't give an example
of this because we haven't implemented it yet.
HTH,
Justin
- Original Message -
From: "Doug Ogateter"
To: "Struts Users Mailing List"
Sent: Tuesday, December
example
of this because we haven't implemented it yet.
HTH,
Justin
- Original Message -
From: "Doug Ogateter" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 17, 2002 9:26 AM
Subject: Struts and session
>
To: struts-user
Cc: hinbsls
Subject: Struts and session
Greetings:
I am using struts1.1b2 to implement a web application. I have a
question regarding to implementing session timeout. When session is
invalidated, user who has logged in the system should be forwarded to login
page.
I am not clear ab
Greetings:
I am using struts1.1b2 to implement a web application. I have a
question regarding to implementing session timeout. When session is
invalidated, user who has logged in the system should be forwarded to login page.
I am not clear about the followings, and hope someone can help me out
Servlet spec and/or the Servlet 2.3 Javadocs.
-Original Message-
From: Doug Ogateter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 17, 2002 12:33 AM
To: Struts Users Mailing List
Subject: Struts and session
Greetings:
I am using struts1.1b2 to implement a web application. I have a
Greetings:
I am using struts1.1b2 to implement a web application. I have a question regarding to
implementing session timeout. When session is invalidated, user who has logged in the
system should be forwarded to login page. I am not clear about the followings, and
hope someone can help me out.
34 matches
Mail list logo
