-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alaska,
Alaska Winter wrote: | what happens if user hits the back button to catalogue. Perfectly valid | thing to do. If they submit an old (expired) token, then you simply ignore the request. You will probably want to notify them why the request was ignored. But in this case, there has been a new roundtrip to the server, giving you the opportunity to put the new (valid) token into the session. Another option (which I favor to avoid this type of problem) is to redirect the client after any operation that should not be accidentally repeatable. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke9iOUACgkQ9CaO5/Lv0PC7IQCeMsKaw20J6UhzCTauQsCBg/t+ BO0AnAzHLGXVzgCJsz+qQ9EmWgA5X5nh =uSQx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]