And if the token is not valide, do you redirect them to an error page?
manglu <[EMAIL PROTECTED]> wrote: The Trans token is fairly SImple Before a form is sent to the User in your action class make a saveToken(request) call. When the form is displayed on the client side there is a token attached which is sent along with the form on a submit by the Client When a call is received the token (sent by the Client) is compared with it's contents in Session via the isValidToken() which return true if there is a match else it returns false. In summary before sending form to user issue saveToken(request) and before processing issue a isValidToken() to see if the token is valid HTH Manglu --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]