The back button problem is standard.  You need to use a token to prevent 
sensitive form resubmission.  This is documented in Geary's Advanced JSP 
book and Core J2EE patterns.  They are both put out by Sun.

In short, tokens allow you to determine whether the page should be 
processed in the normal way.  You include a token in the request and 
save a copy in the session.  When the page is submitted, you check that 
they match.  If so, you can do normal processing.  If not, you need to 
decide what to do.

Struts supports tokens, but the implementation is opaque (IMHO). 
Geary's book provides a good treatment.  However, there is an error in 
the code he uses to check tokens (don't have book in front right now, so 
can't spell it out).  I think he does not check all the cases he says he 
does.  At any rate, the code is in the book for the test tokens tag he 
develops.  Even if you used the Struts implementation, you would have to 
use his logic.

Bud
-- 
_______________________________________
Bud Gibson
e-Lab Czar
Assistant Professor
University of Michigan Business School
701 Tappan Street, C2424
Ann Arbor, MI 48109-1234
ph:  734\647-9200
fax:  734\764-3240
[EMAIL PROTECTED]
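
The token check described in the message above, as an added example that is not part of the original message and is neither the Struts implementation nor the code from Geary's book. A `Map` stands in for the `HttpSession`, and the class, method and attribute names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class FormTokenDemo {
    static final String KEY = "example.form.token"; // hypothetical session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    /** Rendering the form: save a fresh token in the session, return it for a hidden field. */
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token;
    }

    /** Handling the submit: true only for the first request carrying the saved token. */
    static boolean consumeToken(Map<String, Object> session, String submitted) {
        synchronized (session) {
            // Remove before comparing, so the token is single-use whatever the outcome.
            Object saved = session.remove(KEY);
            if (!(saved instanceof String) || submitted == null) {
                return false; // nothing saved (never issued or already used), or nothing sent
            }
            // Constant-time comparison of the saved and submitted values.
            return MessageDigest.isEqual(
                    ((String) saved).getBytes(StandardCharsets.UTF_8),
                    submitted.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession
        String hidden = issueToken(session);
        System.out.println("first submit:       " + consumeToken(session, hidden));
        System.out.println("back and resubmit:  " + consumeToken(session, hidden));
        issueToken(session);
        System.out.println("no token in request: " + consumeToken(session, null));
        issueToken(session);
        System.out.println("wrong token:        " + consumeToken(session, "constructed-wrong-value"));
    }
}
```

When `consumeToken` returns false, the page skips normal processing and takes whatever path the application has chosen for a resubmission.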
