tomcat-users mailing list archives

From "Alaska Winter" <ski...@gmail.com>
Subject Re: Form data refresh?
Date Thu, 21 Feb 2008 02:43:25 GMT
I think I understand:
-- generate unique token=xyz123 and store in the session
-- generate catalogue content so that addToCart URLs look like this in the
HTML source:
http://my.domain.com/addToCart.do?itemId=HB0019?token=xyz123
-- when user adds an item to the cart, check form data token against
session token.
-- if match, add to cart, generate new token and store in session.
-- user clicks 'continue shopping' and new catalogue content is generated with
URLs containing new session token:
http://my.domain.com/addToCart.do?itemId=HB0019?token=bgh456

What happens if user hits the back button to catalogue? Perfectly valid
thing to do.
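
The flow listed in the message above, as an added example that is not part of the original message or of Tomcat's code. It assumes a plain `Map` standing in for the `HttpSession` attributes and a hypothetical attribute name `cartToken`, and it replays the back-button case from the closing question.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class CartTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String ATTR = "cartToken"; // hypothetical session attribute name

    // Generate an unpredictable token and store it in the session.
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(ATTR, token);
        return token;
    }

    // Compare the request token with the session token. On a match, add the
    // item and rotate the token so the old value can never be accepted again.
    static boolean addToCart(Map<String, Object> session, List<String> cart,
                             String itemId, String requestToken) {
        String expected = (String) session.get(ATTR);
        if (expected == null || requestToken == null) return false;
        boolean match = MessageDigest.isEqual(           // constant-time comparison
                expected.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
        if (!match) return false;
        cart.add(itemId);
        issueToken(session);
        return true;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession
        List<String> cart = new ArrayList<>();
        String pageOneToken = issueToken(session);     // embedded in the first catalogue page
        System.out.println("first add:    " + addToCart(session, cart, "HB0019", pageOneToken));
        String pageTwoToken = (String) session.get(ATTR); // embedded in the regenerated page
        // Back button: the browser shows page one again, whose links carry pageOneToken.
        System.out.println("back button:  " + addToCart(session, cart, "HB0019", pageOneToken));
        System.out.println("current page: " + addToCart(session, cart, "HB0019", pageTwoToken));
        System.out.println("cart: " + cart);
    }
}
```

With a strict one-time token, the link on the page reached through the back button carries the consumed token and fails the check, while the link on the regenerated page passes.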
