I am attempting to use the synchronizer token in a DispatchAction. I have two methods view() and update(). When the user first enters the page they will be calling view() Once the response page has loaded and they submit the form in the page it will call update(). I cant seem to get the token working right. It is always invalid? Basically I have the following:
External action calls MyAction.do?method=view public ActionForward view(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) { ... Some code ... saveToken(request); ...Some other code ... } Response sends MyPage.jsp with a form in it and the <input type="hidden" name="token"> piece in the jsp. I enter data in the form and hit submit which calls MyAction.do?method=update public ActionForward update(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) { ... Some code ... saveToken(request); if (!isTokenValid(request)) { System.out.println("TOKEN INVALID!"); ActionForward forwardTo = view(mapping, form, request, response); return forwardTo; } else { System.out.println("TOKEN IS VALID. CONTINUING!"); resetToken(request); } ...Some other code ... } What I want is to keep a user from updating the form again by hitting the refresh button. But it is ok to resubmit the form with new data (that validation will be handled client side). What am I missing?? Dave Patton