I am attempting to use the synchronizer token in a DispatchAction. I
have two methods view() and update(). When the user first enters the
page they will be calling view() Once the response page has loaded and
they submit the form in the page it will call update(). I cant seem to
get the token working right. It is always invalid? Basically I have
the following:
External action calls MyAction.do?method=view
public ActionForward view(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
{
... Some code ...
saveToken(request);
...Some other code ...
}
Response sends MyPage.jsp with a form in it and the <input type="hidden"
name="token"> piece in the jsp. I enter data in the form and hit
submit which calls MyAction.do?method=update
public ActionForward update(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
{
... Some code ...
saveToken(request);
if (!isTokenValid(request))
{
System.out.println("TOKEN INVALID!");
ActionForward forwardTo = view(mapping, form, request,
response);
return forwardTo;
}
else
{
System.out.println("TOKEN IS VALID. CONTINUING!");
resetToken(request);
}
...Some other code ...
}
What I want is to keep a user from updating the form again by hitting
the refresh button. But it is ok to resubmit the form with new data
(that validation will be handled client side).
What am I missing??
Dave Patton
