token is saved if checking is OK.
saveMessages(request, actionMessages);
saveToken(request);
addUserProfileForm.reset(mapping, request);
return mapping.findForward("success");
I added saveToken() right after resetToken() in order to do testing.
The result is the same.
As you describe in step 5, a new token is generated.
So the token becomes eventually.
Actually, it is another duplicated submission.
On Sat, 28 Aug 2004 21:50:18 +1200, Jason Lea <[EMAIL PROTECTED]> wrote:
> do you call saveToken() anywhere? After the resetToken() perhaps?
>
> It sounds like the following is happening:
>
> 1. server generates page with token A, page with token A submitted
> 2. token A is valid, record saved, tokenReset() called, saveToken()
> called creating token B
> 3. user presses back button, and resubmits old form with old token A
> 4. old token A does not match token B in session, user redirected to
> "failure"
> 5. server generates new page with token in session (token B)
> 6. user submits page with token B, which is accepted with new token B
> stored in session
>
> Perhaps you could post more of your action where you have anything that
> uses/resets tokens?
>
>
>
> PC Leung wrote:
>
> >When a page is displayed with a token,
> >data is inputted into the form.
> >Clicking the submit button will save a record.
> >Then click back to the previous page.
> >Click the submit button again.
> >Invalid token is detected as expected
> >Error message displays on top of the page.
> >However I find the token is changed.
> >Data is still there.
> >
> >At this time, click the submit button once more.
> >It will go to next page and save a record.
> >The token becomes valid this time.
> >
> >Why is this so?
> >
> >Inside DispatchAction:
> > if (!isTokenValid(request)) {
> >     errors.add(ActionErrors.GLOBAL_ERROR,
> >         new ActionError("error.transaction.token"));
> >     saveErrors(request, errors);
> >     return mapping.findForward("failure");
> > }
> > resetToken(request);
> >
> >Inside struts-config.xml:
> > <action path="/addUserProfile"
> >         type="com.erp.quotation.AddUserProfileDispatchAction"
> >         name="addUserProfileForm"
> >         scope="request"
> >         validate="true"
> >         parameter="method"
> >         input="/AddUserProfile.jsp">
> >     <forward name="success" path="/AddUserProfile.jsp"/>
> >     <forward name="failure" path="/AddUserProfile.jsp"/>
> >     <forward name="cancel" path="/UserMaint.jsp"/>
> > </action>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
>
> --
> Jason Lea
>
>
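An added example, not code from the thread or from Struts: a small Java model of the six steps Jason Lea lists, showing why the rejected resubmission still ends in a second record when the "failure" forward re-renders the form with the session's current token. The class name, the `submit` and `replay` methods, and the alternative of forwarding failures to a page without the form are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Model of the token flow in the thread. These static methods are simplified
// stand-ins for the Struts Action helpers of the same name, not Struts code.
public class TokenReplayDemo {
    static String sessionToken;                       // token held in the session
    static int issued = 0;
    static final List<String> records = new ArrayList<>();

    static void saveToken()  { sessionToken = "token-" + (++issued); }
    static void resetToken() { sessionToken = null; }
    static boolean isTokenValid(String submitted) {
        return sessionToken != null && sessionToken.equals(submitted);
    }

    // Returns the token embedded in the page sent back, or null if that page has no form.
    static String submit(String formToken, String data, boolean failureShowsForm) {
        if (!isTokenValid(formToken)) {
            // "failure" forward: the form JSP re-renders with the session's current token
            return failureShowsForm ? sessionToken : null;
        }
        resetToken();
        records.add(data);
        saveToken();                                  // the call added for testing in the thread
        return sessionToken;                          // "success" forward shows the form again
    }

    // Replays: submit, back button, resubmit the stale page, then submit whatever came back.
    static int replay(boolean failureShowsForm) {
        records.clear();
        saveToken();
        String tokenA = sessionToken;                 // page generated with token A
        submit(tokenA, "profile", failureShowsForm);  // accepted, session now holds token B
        String afterFailure = submit(tokenA, "profile", failureShowsForm); // stale A rejected
        if (afterFailure != null) {
            submit(afterFailure, "profile", failureShowsForm); // same data, fresh token
        }
        return records.size();
    }

    public static void main(String[] args) {
        System.out.println("failure -> form JSP:   " + replay(true) + " record(s)");
        System.out.println("failure -> error page: " + replay(false) + " record(s)");
    }
}
```

The token check itself works in both runs; the second record appears only because the page returned after the rejection carries a valid token alongside the old form data.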