Solution 1) PRG (Post/Redirect/Get) Pattern
http://en.wikipedia.org/wiki/Post/Redirect/Get
Solution 2) Synchronizer Token Pattern (From book "java/j2ee interview")
The basic idea of this pattern is to set a use-once-only token in the "session" when a form is requested, and to store the same token in the form as a hidden field. When you submit the form, the token in the request (i.e. from the hidden field) is compared with the token in the session. If the tokens match, the token in the session is reset to null or incremented to a different value, and processing proceeds with the model and database update. If you inadvertently resubmit the form by clicking the refresh button, the request-processing servlet (i.e. PurchaseServlet) first tests for the presence of a valid token in the request parameter by comparing it with the one stored in the session. Since the token was reset in the first submit, the token in the request (e.g. 123) does not match the token in the session (e.g. null or 124). Since the tokens do not match, an alternate course of action is taken, such as forwarding to an error.jsp page.
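An added example, not code from the original post or the book it cites: a PurchaseServlet that applies the token check described above and then finishes with the redirect from Solution 1. It assumes the javax.servlet API; the names purchaseFormToken, formToken, /purchase.jsp and /confirmation are hypothetical, and it uses a random token instead of a counter so the value cannot be guessed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class PurchaseServlet extends HttpServlet {
    private static final String TOKEN_ATTR = "purchaseFormToken"; // hypothetical session key
    private static final String FIELD = "formToken";              // hypothetical hidden field name
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Form requested: issue a fresh use-once token.
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // The holder lets doPost consume the token atomically.
        req.getSession(true).setAttribute(TOKEN_ATTR, new AtomicReference<>(token));
        req.setAttribute(FIELD, token); // purchase.jsp writes this into the hidden field
        req.getRequestDispatcher("/purchase.jsp").forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false);
        Object holder = (session == null) ? null : session.getAttribute(TOKEN_ATTR);
        // getAndSet(null) reads and resets in one step, so of two concurrent
        // submits (double click) only one can ever see the token.
        String expected = holder instanceof AtomicReference
                ? (String) ((AtomicReference<?>) holder).getAndSet(null) : null;
        String submitted = req.getParameter(FIELD);
        if (expected == null || submitted == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          submitted.getBytes(StandardCharsets.UTF_8))) {
            // Refresh, replay or missing token: take the alternate path.
            req.getRequestDispatcher("/error.jsp").forward(req, resp);
            return;
        }
        // Tokens matched: the model and database update runs here, exactly once.
        // PRG: answer the POST with a redirect so a refresh repeats only a GET.
        resp.sendRedirect(req.getContextPath() + "/confirmation");
    }
}
```

This version consumes the token on every POST, including a mismatched one, which is stricter than resetting only on a match; the user must reload the form to get a new token.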