1 javascript, set a variable and only allow submission once.
<script language="javascript">
var checkSubmitFlg = false;
function checkSubmit() {
if (checkSubmitFlg == true) {
return false;
}
checkSubmitFlg = true;
return true;
}
document.ondblclick = function docondblclick() {
window.event .returnValue = false;
}
document.onclick = function doconclick() {
if (checkSubmitFlg) {
window.event.returnValue = false;
}
}
</script>
<html:form action="myAction.do" method="post" onsubmit="return checkSubmit();">
2 Still using javascript, set the submit button or image to disable
<html:form action="myAction.do" method ="post"
onsubmit="getElById('submitInput').disabled = true; return true;">
<html:image styleId="submitInput" src="images/ok_b.gif" border="0" />
</ html:form>
3 Use the synchronization token mechanism of struts
to solve the problem of repeated submissions in web applications. Struts also provides a reference implementation.
Basic principle:
Before processing an incoming request, the server will compare the token value contained in the request with the token value saved in the current user session to see if there is a match. After the request is processed and before the reply is sent to the client, a new token will be generated. In addition to being passed to the client, this token will also replace the old token saved in the user session. In this way, if the user returns to the previous submission page and submits again, the token passed by the client will be inconsistent with the token on the server side, thus effectively preventing repeated submissions.
if (isTokenValid(request, true)) {
// your code here
return mapping.findForward("success");
} else {
saveToken(request);
return mapping.findForward("submitagain");
}
Struts based on the user session ID and The current system time is used to generate a unique (for each session) token. For specific implementation, please refer to the generateToken() method in the TokenProcessor class.
1. //Verify the transaction control token. <html:form> will automatically generate an implicit input representative token based on the identifier in the session to prevent double submission.
2. In the action:
//<input type="hidden" name ="org.apache.struts.taglib.html.TOKEN"
// value="6aa35341f25184fd996c4c918255c3ae">
if (!isTokenValid(request))
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.transaction.token")) ;
resetToken(request); //Delete the token in session
3. Action has a method to generate token
protected String generateToken(HttpServletRequest request) {
HttpSession session = request.getSession();
try {
byte id[] = session .getId().getBytes();
byte now[] =
new Long(System.currentTimeMillis()).toString().getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(id) ;
md.update(now);
return (toHex(md.digest()));
} catch (IllegalStateException e) {
return (null);
} catch (NoSuchAlgorithmException e) {
return (null);
}
}