At 07:27 AM 6/21/2004, mike wrote:
You need to just look at the code and get the idea. The idea is that you have to have tokens that match. One token is kept in the session. Another token is kept in the request. The Action class has three methods that are important: isTokenValid(request), resetToken(request) and saveToken(request). When you are going to a page that has a form you want to protect, you need to run it through an action and call the saveToken method. This puts a token into the session. You cannot put a token into the request from the Action class. When you do this, IF YOU USE , the token gets put into the request as a HIDDEN FORM FIELD. AFter you check whether a token is valid, you should reset the token. There are lots of good explanations of this in more detail. On tokens, I recommend the one in "The Struts Framework: Practical Guide for Programmers", by Sue Spielman. Sue is a great teacher, as are other authors of Struts books. Michael At 11:45 PM 6/20/2004, [EMAIL PROTECTED] wrote: >Hi Mike, > >We are aware that the transactional token needs to be used for this purpose. >But we don't know the details thereof. >Need some more info on that. >Searched a lot but could not find any details. >Had tried the resetToken method of the Action class but nothing happened. > >Suhash > > >mike > >06/21/2004 12:02 PM >Please respond to >"Struts Users Mailing List" > >To >"Struts Users Mailing List" , "Struts Users >Mailing List" >cc >Subject >Re: How to handle refresh > > > > >This is somewhat impossible to answer without more information, but the >basic Idea is probably to not allow records to be saved with a refresh or a >resubmittal of a form through the use of a token in your action classes. > >At 11:22 PM 6/20/2004, [EMAIL PROTECTED] wrote: > > >Hi all, > > > > We wish to customise the behaviour of IE refresh by just making > > it fetch the latest data from the db. > > It works fine in list and edit screens where the last action > > was a fetch. > > But if the user has previously saved a record, refresh causes > > the save action to be executed once again, contrary to what we wish to > > achieve. > > Is there any way in which we customise this behaviour? > > > > > >TIA, > > > >Suhash > > > >--------------------------- ------------------------------------------ > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > >ForwardSourceID:NT000056BE > >-------------- ------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
