struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jon.Ridgway" <Jon.Ridg...@upco.co.uk>
Subject RE: [Tokens][2] Where can I find more information....
Date Mon, 09 Sep 2002 14:48:31 GMT
Hi Kris,

The first code snippet below is the correct one (I think??). I think the
snippet on Teds site (second snippet below) *may* be wrong...

Jon Ridgway


-----Original Message-----
From: Dhulipala, Kris [mailto:Kris.Dhulipala@roadway.com] 
Sent: 09 September 2002 15:34
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information....

I might be mistaken but isn't that what is supposed to happen?
<snip>
> > ===============================
> > if (isTokenValid(request, true)) {
> >    System.out.println("TOKEN IS VALID");
> >   }
> >   else {
> >    System.out.println("TOKEN IS NO LONGER VALID");
> >   }
> > ===============================
> >
> > Is the above code assumption correct or am I misinterpreting something?
> > Because when I submit "add to cart"  I always jump into the else block!
</snip>

<snip>
>     if (isTokenValid(request, true)) {
>       ... this is a resubmit, so go display an error ...
>     }
>
</snip>
Kris


-----Original Message-----
From: Michael Delamere [mailto:home@michael-delamere.de]
Sent: Monday, September 09, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information....


I don´t quite agree (sorry) because I want to solve the problem without
javascript.  I hate javascript and always try to do without it :-)

Regards,

Michael


----- Original Message -----
From: "Andrew Hill" <andrew.david.hill@gridnode.com>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information....


> I guess the real trick would be to eliminate the users altogether, as they
> seem to be the source of most problems.
> hehe. Maybe I should try and divert the "[OT] JavaScript auto-submit form"
> thread to this dicussing this idea ;->
>
> -----Original Message-----
> From: Michael Delamere [mailto:home@michael-delamere.de]
> Sent: Monday, September 09, 2002 18:40
> To: Struts Users Mailing List
> Subject: Re: [Tokens][2] Where can I find more information....
>
>
> > Of course its only a problem if one tries to accomodate multitasking
> users,
> > so if users can be trained not to play silly buggers with multiple
windows
> > everything should work fine.
>
> Wishful thinking.... :-)
>
>
> ----- Original Message -----
> From: "Andrew Hill" <andrew.david.hill@gridnode.com>
> To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> Sent: Monday, September 09, 2002 12:21 PM
> Subject: RE: [Tokens][2] Where can I find more information....
>
>
> > Yep. Thats what I thought. :-(
> > There are actually quite a few things in struts that seem to have this
> issue
> > in relation to constant session keys.
>
>
> > Single browser window seems to be an assumption most struts apps make,
but
> > it would be nice if the framework provided more support for multiple
> windows
> > (keeping track of which is quite a nightmare!).
> >
> > -----Original Message-----
> > From: Jon.Ridgway [mailto:Jon.Ridgway@upco.co.uk]
> > Sent: Monday, September 09, 2002 18:09
> > To: 'Struts Users Mailing List'
> > Subject: RE: [Tokens][2] Where can I find more information....
> >
> >
> > Hi Andrew,
> >
> > Read your post properly this time; umm good point the same key is used
and
> > one would over right the over, invalidating the first... So yes it looks
> > like they would interfere...
> >
> > Jon Ridgway
> >
> >
> > -----Original Message-----
> > From: Jon.Ridgway [mailto:Jon.Ridgway@upco.co.uk]
> > Sent: 09 September 2002 11:00
> > To: 'Struts Users Mailing List'
> > Subject: RE: [Tokens][2] Where can I find more information....
> >
> > Hi Andrew,
> >
> > The generateToken method in Action.java generates a unique token each
time
> > saveToken is called.
> >
> > Jon Ridgway
> >
> >
> > -----Original Message-----
> > From: Andrew Hill [mailto:andrew.david.hill@gridnode.com]
> > Sent: 09 September 2002 10:23
> > To: Struts Users Mailing List
> > Subject: RE: [Tokens][2] Where can I find more information....
> >
> > Hope you will excuse me stealing this topic for a related question - I
> added
> > a [2] tag to indicate this ;-)
> >
> > As far as I can see the key under which the token is saved is a
constant.
> > What happens if another browser window is also open on some other form
(in
> > same session) and the user is trying to submit something there to
another
> > action that also users tokens. (This is one of those anoying users who
> opens
> > fifty billion windows and does stuff in one window while waiting for
> > submission / page loading in another window to complete)
> >
> > Wont the two interfere?
> >
> > ie:
> > User fills in form in window A and submits.
> > While waiting for that to complete, user enters stuff in window B (for a
> > different form or record) and submits that.
> > What happens to the tokens here?
> >
> >
> > btw: heres a copy of the msg Michael refers to in the archive (for those
> who
> > havent time to load the web page)
> > > To deal with resubmits, the most important issue is to avoid updating
> the
> > > database twice when the user accidentally resubmits the same form.
> Struts
> > > has a feature called "transaction control tokens" that help you avoid
> > > this, which is very simply used as follows:
> > >
> > > * In the Action that sets up your input form (i.e. before you forward
> > >   to it), execute the following
> > >
> > >     saveToken(request)
> > >
> > >   to save a special value in the user's session that will be used in
> > >   the next step.
> > >
> > > * In the Action that receives the form and updates the database, add
> > >   the following logic before you do the update:
> > >
> > >     if (isTokenValid(request, true)) {
> > >       ... this is a resubmit, so go display an error ...
> > >     }
> > >
> > >   The "true" parameter causes the token to be removed from the session
> > >   so that it doesn't interfere with subsequent form submits.
> > >
> > > This way, the submit will work the first time, but fail on any
> accidental
> > > or on-purpose resubmit, and you avoid adding the information to the
> > > database twice.  It also prevents the user from navigating directly to
> the
> > > "myDB.do" URL without going through your normal setup actions --
because
> > > the transaction token would not have been placed in the session, so
the
> > > isTokenValid() test would fail.
> > >
> > > Craig
> >
> > -----Original Message-----
> > From: Michael Delamere [mailto:home@michael-delamere.de]
> > Sent: Monday, September 09, 2002 17:25
> > To: Struts Users Mailing List
> > Subject: Re: [Tokens] Where can I find more information....
> >
> >
> > ok, I found this which pretty much helped me understand what is going
on:
> >
> > http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
> >
> >
> > However I still have a problem:
> >
> > In my showProductsAction I have the line: saveToken(request);
> >
> > Then next option would be to click "add to cart" in which case I would
go
> to
> > the CartAction accordingly.  In my CartAction I check the token:
> >
> > ===============================
> > if (isTokenValid(request, true)) {
> >    System.out.println("TOKEN IS VALID");
> >   }
> >   else {
> >    System.out.println("TOKEN IS NO LONGER VALID");
> >   }
> > ===============================
> >
> > Is the above code assumption correct or am I misinterpreting something?
> > Because when I submit "add to cart"  I always jump into the else block!
> >
> >
> > Regards,
> >
> > Michael
> >
> >
> >
> > ----- Original Message -----
> > From: "Michael Delamere" <home@michael-delamere.de>
> > To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > Sent: Monday, September 09, 2002 9:40 AM
> > Subject: [Tokens] Where can I find more information....
> >
> >
> > > Hi,
> > >
> > > I posted a thread last week about having caching problems and that my
> > > shopping cart was being incremented by 1 everytime somebody refreshed
> the
> > > browser.
> > >
> > > The answer I got was that one could use tokens.  Sounds like a great
> idea!
> > > So I had a look at the struts-example to find out what it´s about but
to
> > be
> > > honest I don´t understand exactly what is going on.
> > >
> > > I tried implementing the code almost exactly as it was done there and
it
> > > keeps on telling me that my token is invalid.  The problem I have here
> is
> > > that I don´t know what it means or what I have to do to correct this.
> > >
> > > 1.  Does anyone know where I can find more information on these
tokens?
> > >
> > > 2.  Would it not be a good idea to include this in the struts-config
> > action
> > > configuration,
> > >       i.e. token="true"?
> > >
> > > Any help would be really appreciated!
> > >
> > > Thanks,
> > >
> > > Michael
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > The contents of this email are intended only for the named addressees
and
> > may contain confidential and/or privileged material. If received in
error
> > please contact UPCO on +44 (0) 113 201 0600 and then delete the entire
> > e-mail from your system. Unauthorised review, distribution, disclosure
or
> > other use of this information could constitute a breach of confidence.
> Your
> > co-operation in this matter is greatly appreciated.
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > The contents of this email are intended only for the named addressees
and
> > may contain confidential and/or privileged material. If received in
error
> > please contact UPCO on +44 (0) 113 201 0600 and then delete the entire
> > e-mail from your system. Unauthorised review, distribution, disclosure
or
> > other use of this information could constitute a breach of confidence.
> Your
> > co-operation in this matter is greatly appreciated.
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> >
>
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


The contents of this email are intended only for the named addressees and
may contain confidential and/or privileged material. If received in error
please contact UPCO on +44 (0) 113 201 0600 and then delete the entire
e-mail from your system. Unauthorised review, distribution, disclosure or
other use of this information could constitute a breach of confidence. Your
co-operation in this matter is greatly appreciated. 

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message