token is saved if checking is OK.

    saveMessages(request, actionMessages);
    saveToken(request);
    addUserProfileForm.reset(mapping, request);
    return mapping.findForward("success");

I add saveToken() right after resetToken() in order to do testing.
The result is the same.

As you describe in step 5, a new token is generated.
So the token becomes eventually.
Actually, it is another duplicated submission.

On Sat, 28 Aug 2004 21:50:18 +1200, Jason Lea <[EMAIL PROTECTED]> wrote:
> do you call saveToken() anywhere? After the resetToken() perhaps?
>
> It sounds like the following is happening:
>
> 1. server generates page with token A, page with token A submitted
> 2. token A is valid, record saved, tokenReset() called, saveToken()
>    called creating token B
> 3. user presses back button, and resubmits old form with old token A
> 4. old token A does not match token B in session, user redirected to
>    "failure"
> 5. server generates new page with token in session (token B)
> 6. user submits page with token B, which is accepted with new token B
>    stored in session
>
> Perhaps you could post more of your action where you have anything that
> uses/resets tokens?
>
> PC Leung wrote:
>
> >When a page is displayed with a token,
> >data is inputted into the form.
> >Clicking the submit button will save a record.
> >Then click back previous page.
> >Click the submit button again.
> >Invalid token is detected as expected
> >Error message displays on top of the page.
> >However I find the token is changed.
> >Data is still there.
> >
> >At this time, click the submit button once more.
> >It will go to next page and save a record.
> >The token becomes valid this time.
> >
> >Why is this so?
> >
> >Inside DispatchAction:
> >    if (!isTokenValid(request)) {
> >        errors.add(ActionErrors.GLOBAL_ERROR,
> >                   new ActionError("error.transaction.token"));
> >        saveErrors(request, errors);
> >        return mapping.findForward("failure");
> >    }
> >    resetToken(request);
> >
> >Inside struts-config.xml:
> >    <action path="/addUserProfile"
> >            type="com.erp.quotation.AddUserProfileDispatchAction"
> >            name="addUserProfileForm"
> >            scope="request"
> >            validate="true"
> >            parameter="method"
> >            input="/AddUserProfile.jsp">
> >        <forward name="success" path="/AddUserProfile.jsp"/>
> >        <forward name="failure" path="/AddUserProfile.jsp"/>
> >        <forward name="cancel" path="/UserMaint.jsp"/>
> >    </action>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> --
> Jason Lea
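
The six steps Jason Lea lists, modelled as an added example (not code from the thread or from Struts): a small Java class stands in for the session token, with method names borrowed from the Struts calls quoted in the posts. The `failureShowsForm` flag and the second run, where the "failure" forward leads to a page without the form, are assumptions for illustration.

```java
import java.util.UUID;

/** Minimal stand-in for the per-session transaction token (a model, not Struts code). */
public class TokenFlowDemo {
    private String sessionToken;                       // what saveToken() keeps in the session

    String saveToken()  { sessionToken = UUID.randomUUID().toString(); return sessionToken; }
    void resetToken()   { sessionToken = null; }
    boolean isTokenValid(String submitted) {
        return sessionToken != null && sessionToken.equals(submitted);
    }

    /** Models the action in the thread; returns the token embedded in the next page, or null. */
    String submit(String submitted, boolean failureShowsForm) {
        if (!isTokenValid(submitted)) {
            System.out.println("  rejected -> failure");
            // Forwarding "failure" to the form page re-renders it with the session's current token.
            return failureShowsForm ? sessionToken : null;
        }
        resetToken();
        System.out.println("  accepted -> record saved");
        return saveToken();                            // the success page is the same form again
    }

    static void run(boolean failureShowsForm) {
        TokenFlowDemo s = new TokenFlowDemo();
        String a = s.saveToken();                      // step 1: page rendered with token A
        s.submit(a, failureShowsForm);                 // step 2: A accepted, token B stored
        String shown = s.submit(a, failureShowsForm);  // steps 3-4: back button, stale A rejected
        if (shown == null) {
            System.out.println("  no form on the failure page, nothing to resubmit");
        } else {
            s.submit(shown, failureShowsForm);         // steps 5-6: page carried B, B accepted
        }
    }

    public static void main(String[] args) {
        System.out.println("failure forwards to the form page (as in the thread):");
        run(true);
        System.out.println("failure forwards to a page without the form (assumed alternative):");
        run(false);
    }
}
```

The first run saves two records because the rejected request hands the browser a page carrying token B together with the retained form data; the second run leaves the stale submission nowhere to go.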