tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: Form data refresh?
Date Thu, 21 Feb 2008 01:43:12 GMT
Alaska Winter wrote:
>>> I would add a one time token to the request.
>>>       
> Do you mean on the client side using javascript or something?
>
>   
Nope... just either a hidden field in the form or if you are building 
URLs w/ parameters, just add it in.  Very simple stuff.

1. tomcat receive's request
2. if it's an action request like adding an item to a cart, check for 
the presence of the token and compare to the one on the session.
3. On match, change the token in the session so the response can make 
sure it get's in the response hidden field or urls.
    Failing a match, create a new one anyway and store it in the session 
for the response and forward to a safe non-action page like a browse page
4. Build response w/ either the hidden field pre-loaded with the new 
token or urls built w/ the new token.

Nothing so complex as javascript involved.  Just straight server-side 
management.

--David

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message