Alaska,
Alaska Winter wrote:
| what happens if user hits the back button to catalogue. Perfectly valid
| thing to do.
If they submit an old (expired) token, then you simply ignore the
request. You will probably want to notify them why the request w
I think I understand:
-- generate a unique token=xyz123 and store it in the session
-- generate the catalogue content so that addToCart URLs look like this in the
HTML source:
http://my.domain.com/addToCart.do?itemId=HB0019&token=xyz123
-- when the user adds an item to the cart, check the form data token against
Alaska Winter wrote:
> > I would add a one time token to the request.
> Do you mean on the client side using javascript or something?
Nope... just either a hidden field in the form or if you are building
URLs w/ parameters, just add it in. Very simple stuff.
1. Tomcat receives the request
> > I would add a one time token to the request.
Do you mean on the client side using javascript or something?
Another suggestion: The HTML spec recommends using "POST" instead of
"GET" for a form operation that changes something on the server. If a
user refreshes the page the browser will post a warning before
re-submitting the POST request. That may not be enough of a safeguard
in your situation but it's
I would add a one time token to the request. Store it in the session
and when it comes back, the request is good. Immediately generate a new
token, process the request and send back the response. If an
unrecognized value comes in, treat the request as a default page/catalog
view.
--David
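The scheme David describes (token in the session, compared on each add-to-cart request, regenerated immediately on a valid hit, unknown token treated as a plain catalog view), modelled as an added example that is not code from this thread. The `Session` class stands in for the servlet session, and the function names and URL layout are my assumptions; a refreshed or back-button resubmission replays an old token and is ignored.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class Session:
    """Stand-in for HttpSession (assumed): holds the current one-time token and the cart."""
    def __init__(self):
        self.token = None
        self.cart = {}


def issue_token(session):
    """Generate a fresh unguessable token and store it in the session."""
    session.token = secrets.token_urlsafe(16)
    return session.token


def add_to_cart_url(session, item_id, base="http://my.domain.com/addToCart.do"):
    """Build the link the catalogue page embeds; itemId and token are joined with '&'."""
    return base + "?" + urlencode({"itemId": item_id, "token": session.token})


def handle_add_to_cart(session, url):
    """Process one request. Returns 'added', or 'catalog' when the request is ignored
    and the default catalog view would be served instead."""
    params = parse_qs(urlparse(url).query)
    token = params.get("token", [None])[0]
    item_id = params.get("itemId", [None])[0]
    if token is None or item_id is None or session.token is None:
        return "catalog"
    # Constant-time comparison on bytes; a stale token (refresh, back button,
    # duplicate submit) fails here and leaves the cart untouched.
    if not secrets.compare_digest(token.encode(), session.token.encode()):
        return "catalog"
    # Valid token: rotate it *before* doing the work so a second copy of the same
    # request cannot also succeed (in a servlet, do this while synchronized on the session).
    issue_token(session)
    session.cart[item_id] = session.cart.get(item_id, 0) + 1
    return "added"


def demo():
    """Click, refresh (same URL replayed), then a fresh click from a re-rendered page."""
    s = Session()
    issue_token(s)
    first = add_to_cart_url(s, "HB0019")
    results = [handle_add_to_cart(s, first), handle_add_to_cart(s, first)]
    results.append(handle_add_to_cart(s, add_to_cart_url(s, "HB0019")))
    return results, dict(s.cart)
```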
Hi,
If a user adds an item to his/her shopping cart using form data like this:
http://my.domain.com/addToCart.do?itemId=HB0019
How can I determine if it was generated from user clicking an add-to-cart
link vs. a browser refresh?
I don't want to increment the quantity in the cart for this item if th