I typically save the token in the action responsible for forwarding to the page that displays the form. Then the action that reads the form data can check the token and re-save (and forward to the input page) if the user needs to retry a failed request (not validation related).
-----Original Message----- From: Derrick Koes [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 19, 2005 11:23 AM To: [EMAIL PROTECTED] Subject: Token question if (null == request.getParameter(Constants.TOKEN_KEY)) { saveToken(request); } else { if (!isTokenValid(request, true)) { response.sendError(HttpServletResponse.SC_CONFLICT, "The request received was out of sequence, perhaps due to a second submit, refresh, or unexpected post data."); return null; } } I have this code in my execute method. The request won't have a token unless it is a form submission. Therefore, I think I can safely get away with this code. Is this true? I believe using tokens is the preferred way to handle duplicate form submits. However, I'm not clear on the best way to do this. Thanks, Derrick --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
