EditRegistrationAction.java SaveRegistrationAction.java
provide examples.
You would probably never use generateToken().
It is used whenever you want to prevent the user
from bookmarking a page, or from using the browser
back arrow and then posting a second time.
In the EditRegistrationAction, once the data is loaded
from a database a call to saveToken() is made. It should
probably be named 'setToken()' to be consistent with
'resetToken()'. This sets a variable in both the session
and request scope of the app. Control is then forwarded
to the edit jsp. When the user 'posts' the page the
Token is validated in SaveRegistrationPage, then it is
destroyed by the 'resetToken call. Then the next page is
'forwarded' to. If at this time the user hits the 'back'
button and hits 'post' again, when SaveRegistrationAction
checks to see if the token is valids it finds can find
one of two things:
1) Either the 'Token' variable didn't exist in the session scope.
This happen if 'resetToken' was the last method called
2) Or it will find that the "request" and "session" scope Token do not
match.
This happen if 'saveToken' was the last method called.
Alexander Staff wrote:
>
> Hello,
> does anyone here have any examples/explanations about using the
> TRANSACTION_TOKEN_KEY feature in struts ?
> I am not sure using the generateToken(), isTokenValid(), resetToken() and
> saveToken() functions properly and in the right place.
>
> Thanks in advance
> Ciao
> Alexander
>
> --
> Sent through GMX FreeMail - http://www.gmx.net
