Hello,

Forgive me for bringing up what seems to be a topic that's been discussed
here a lot: Issues with the back button.

I am using the token mechanism to prevent multiple form submits.

My JSP is invoked with a ForwardAction where I set the token.

The JSP submits to an action that checks if the token is valid. So far, so
good. That works like a charm.

The problem, as is extensively pointed out in documentation everywhere, is
that there is nothing to prevent the user from hitting the browser back
button and submitting the form again. If the user hasn't changed anything on
the form then the resulting behavior (action class rejects the submit
because the token isn't valid anymore) is exactly what I want.

Where this scenario falls apart, though, is if the user changes some of the
values on the form before submitting the form again. At this point, the
logical thing (at least in the user's mind) is that the submit should be
accepted. However, the action will still think the token is invalid (because
it was never reset by the ForwardAction) and will therefore reject the
submittal.

OK, I understand why/how all this happens. My question is, how are others
dealing with this?

This is a pretty basic scenario that I'm sure anyone who has done Struts
development has run into. What are some of the solutions you've come up
with? 

I know I can put some text on the page(s) warning the user NOT to use the back
button, but there is no guarantee that they'll pay attention.

I can also put some script that sets some hidden field value whenever any
input field on the form changes. However, that will kind of conflict with
the token mechanism and maybe even eliminate the need for the token
mechanism. The problem with that is ... what if the user has JavaScript turned
off?

Any feedback will be appreciated.
-- 
View this message in context: 
http://www.nabble.com/New-twist-on-old-topic--Back-button-issue-with-Token-tf2382440.html#a6639844
Sent from the Struts - User mailing list archive at Nabble.com.
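
The token lifecycle described in the message above, as an added example that is not part of the original post and is not Struts code: a self-contained Java model in which `saveToken` and `isTokenValid` mimic the Struts 1 methods of the same names, with a plain map standing in for the session. The `submit` handler, its return strings, and the choice to redisplay the form with a fresh token when a stale one arrives are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Self-contained model of a single-use form token; not Struts code.
public class TokenBackButtonDemo {
    // Stands in for the HttpSession: at most one outstanding token.
    private final Map<String, String> session = new HashMap<>();

    // Models Action.saveToken(request): issue a token when the form is rendered.
    String saveToken() {
        String token = UUID.randomUUID().toString();
        session.put("TOKEN", token);
        return token;
    }

    // Models Action.isTokenValid(request, true): the saved token is consumed
    // whether or not the submitted one matches.
    boolean isTokenValid(String submitted) {
        String saved = session.remove("TOKEN");
        return saved != null && saved.equals(submitted);
    }

    // Hypothetical submit handler. A stale token never reaches the save step;
    // instead the form is redisplayed with the submitted value and a new token,
    // so the user must deliberately submit again.
    String submit(String token, String value) {
        if (isTokenValid(token)) {
            return "SAVED " + value;
        }
        return "REDISPLAY value=" + value + " token=" + saveToken();
    }

    public static void main(String[] args) {
        TokenBackButtonDemo app = new TokenBackButtonDemo();
        String t1 = app.saveToken();                  // form rendered via the forward
        System.out.println(app.submit(t1, "alice"));  // first submit: saved
        // Back button: the cached page still carries t1; the user edits the field.
        String r = app.submit(t1, "alice2");          // stale token: redisplayed
        System.out.println(r);
        String t2 = r.substring(r.lastIndexOf("token=") + 6);
        System.out.println(app.submit(t2, "alice2")); // confirmed resubmit: saved
        System.out.println(app.submit(t2, "alice2")); // repeat of t2: not saved again
    }
}
```

Because every token is consumed on first use, the duplicate-submit protection holds on both the original and the redisplayed form, and it does not depend on client-side script.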

