Joshua,

If the token is invalid you tell the User that they might have attempted multiple submissions etc. via an error page.

Manglu




Joshua White wrote:
And if the token is not valid, do you redirect them to an error page?



manglu <[EMAIL PROTECTED]> wrote:
The Trans token is fairly simple.


Before a form is sent to the User, in your action class make a saveToken(request) call. When the form is displayed on the client side there is a token attached, which is sent along with the form on a submit by the Client.


When a call is received the token (sent by the Client) is compared with its contents in Session via the isValidToken(), which returns true if there is a match, else it returns false.

In summary:

before sending form to user issue saveToken(request)

and before processing issue an isValidToken() to see if the token is valid.

HTH

Manglu



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
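
The token check described in this thread, as an added stand-alone Java sketch (not code from the thread or from Struts itself). A `Map` stands in for the HTTP session, the method names follow the ones used in the messages above, and `TOKEN_KEY`, `handleSubmit` and the view names are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class TokenDemo {
    // Assumed session attribute name for this sketch (hypothetical).
    static final String TOKEN_KEY = "demo.TRANSACTION_TOKEN";
    static final SecureRandom RNG = new SecureRandom();

    // Called before the form is rendered: store a fresh random token in the
    // session and return it so the page can embed it as a hidden field.
    static String saveToken(Map<String, Object> session) {
        String token = new BigInteger(128, RNG).toString(16);
        session.put(TOKEN_KEY, token);
        return token;
    }

    // Called before processing a submit: true only if the submitted value
    // matches the session copy. The session copy is removed either way, so
    // one saved token authorises at most one submission.
    static boolean isValidToken(Map<String, Object> session, String submitted) {
        Object saved = session.remove(TOKEN_KEY);
        if (saved == null || submitted == null) return false;
        // Constant-time comparison of the two token strings.
        return MessageDigest.isEqual(
            ((String) saved).getBytes(StandardCharsets.UTF_8),
            submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical handler: returns the name of the view to forward to.
    static String handleSubmit(Map<String, Object> session, String submitted) {
        if (!isValidToken(session, submitted)) {
            return "error";    // page telling the user about a possible repeat submission
        }
        return "success";      // the form is processed exactly once
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();     // constructed stand-in session
        String hidden = saveToken(session);                // form is displayed
        System.out.println(handleSubmit(session, hidden)); // first submit
        System.out.println(handleSubmit(session, hidden)); // same form submitted again
        System.out.println(handleSubmit(session, "abc"));  // value never issued
    }
}
```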