I post this message because I did not found any doc about the createToken, isTokenValid, resetToken API. So I will explain what I understood about it from the struts-exemple if something is wrong, I would like that someone will say to me and if there is some doc tell me where ...
The token API is created to avoid that the user to submlit twice the same form. It is used with one ActionForm and two Action: - the SomethingForm which contain the user's input - the EditSomethingAction which populate the SomethingForm from the DB or clear all the field if it is a create Case - the SaveSomethingAction which save the SomethingForm in the DB To avoid that the user call submit twice the SomethingForm and save twice the same data in the DB, the struts framework propse the xxxToken API. It is used as following in EditSomethingAction, make a call to createToken(request) and that all ! in SaveSomethingAction, make a call to isTokenValid(request) and resetToken(request) as in the following algorithm if ( ! isTokenValid(request) ) { /* * return forward towards an error page * saying to the user that he has submit twice * or * forward toward the succes page if we don't want the user see anithing */ } else { /* * process the save in the DB */ if ( allTheSaveHasSucceed ) { resetToken(request) ; } } You much take care that there is only one token in the session so that this process can't support nested transactions. So you should keep simple use of it. The same API can be used to avoid that the user click twice on a link by setting the 'transaction' attribute at "true" of the <html:link> tag the Action called by the link should follow the same process than SaveSomethingAction -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>