logo

자료실 HOME > 참여광장 > 자료실
2018.01.13 05:35

ZWT

조회 수 8 추천 수 0 댓글 0
수정 삭제
수정 삭제
Read the online, there are several ways:

unique content checker1 in your form page HEAD area to add this code:

\u0026 lt; META HTTP-EQUIV = 'pragma' content quality checker = 'no-cache' \u0026 gt;

\u0026 lt; META HTTP-EQUIV = 'Cache-Control' CONTENT = 'no-cache, must-revalidate' \u0026 gt;

\u0026 lt; META HTTP-EQUIV = 'expires' CONTENT = 'Wed, 26 Feb 1997 08:21:57 GMT' \u0026 gt;

2

Generate a token stored in the user session, add a hidden domain in the form, show the order

The value of the card, the form of the submission after the re-generate a new token, the user will submit the token and session

In the token comparison, if the same is repeated submission

3

Use the Response.Redirect ('selfPage') statement in your server-side control's code. But most of the number do not use this method.

There are many ways. The The

4

\u0026 lt; input type = 'button' value = 'commit' onclick = 'this.disabled = true; this.form.submit ()' \u0026 gt;

5

Add a hidden field to the FORM form of the JSP page \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 lt; input \u0026 nbsp; \u0026 nbsp; type = 'hidden' \u0026 nbsp; \u0026 nbsp; name = 'url' value = \u0026 lt;% = request.getRequestURL ()% \u0026 gt; \u0026 gt; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; Add the following statement to your server: \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; String \u0026 nbsp; \u0026 nbsp; url = request.getParameter ('url'); \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; response.sendRedirect (url); \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; I generally use this method to return to the JSP page, do not understand what you said is the concept of repeated refresh \u0026 nbsp; \u0026 nbsp;

6 ajax no refresh submission

7 Web development to prevent the browser's refresh button caused by repeated operation of the system

How to solve it? Redirection can solve the problem of duplicate submission of data from page refresh, and we can naturally use redirection to solve this problem. But struts inside the action mapping.findword (); jump, then the default is in the works folder inside to find the page to jump. This situation, how to solve it?

Modify the struts-config.xml file, in the action which has a redirect redirect attribute, struts default is false, add this attribute, changed to true, in the write for the page to write the absolute or relative address on the line

Modify as follows:

\u0026 lt; action-mappings \u0026 gt;

\u0026 nbsp; \u0026 lt; action attribute = 'newsActionForm' name = 'newsActionForm'

\u0026 nbsp; \u0026 nbsp; input = '/ addnews.jsp' path = '/ newsAction' parameter = 'method'

\u0026 nbsp; \u0026 nbsp; scope = 'request' type = 'com.yongtree.news.action.NewsAction' \u0026 gt;

\u0026 nbsp; \u0026 nbsp; \u0026 lt; forward name = 'list' path = '/ listnews.jsp' redirect = 'true' \u0026 gt; \u0026 lt; / forward \u0026 gt;

\u0026 nbsp; \u0026 nbsp; \u0026 lt; forward name = 'error' path = '/ addnews.jsp' \u0026 gt; \u0026 lt; / forward \u0026 gt;

\u0026 nbsp; \u0026 lt; / action \u0026 gt;

\u0026 lt; / action-mappings \u0026 gt;

Repeat the submission, repeat the refresh, to prevent the back of the problem and approach

one. Rhithers. Points to nights

You in any one of the more professional BBS will see such a problem, even if you look at Google, will find a lot of people in the attention and inquiry, but we are given solutions are different, (some people advocate the use of script to solve; some want to redirect to other pages; some will raise this issue to Token's point of view) Why is there such a big difference?

two. Problem scene

First of all, we should first understand why to deal with such a problem? Or professional point is what it is suitable for the scene? (It seems that only people to ask no one to explain)

1. Repeated submission, repeated refresh of the scene

Repeat the submission, repeated refresh is to solve the system to repeat the problem. That is to say that a person in a number of times to submit a record (why? Maybe it is idle no matter to do; most likely the user simply do not know whether their submission has been implemented ?!).

But the emergence of such a problem is not necessarily have to deal with, depending on the type of system you have developed. For example, you take over a resource management system, the system itself from the demand point of view simply does not allow 'duplicate' records, in such a demand constraints, to repeat the submission of action will only lead to 'business-level exception' Of the production, it is impossible to implement the success also does not matter to avoid the problem is not avoided.

2. To prevent the back of the scene

Understand the repeated refresh, repeat the submission of the scene, we come to understand the 'prevent back' operation of the reasons for what? For example, you are developing a voting system, it has a lot of steps, and these steps are linked, such as the first step will send some information to the second step, the second step to cache the information, while the Their own information sent to the third step. The The The The And so on, if the user at this time in the third step, we imagine a naughty user's user click on the back button, then the screen appears the second step of the page, he again modified or submitted again, into the The next step (that is, the third step), the error will be generated here? The What's wrong? The most typical is that this operation directly led to the loss of the first step information! (If this information is to rely on Request storage, of course, you can store in the Session or a larger context, but this is not a good idea! On the information storage problem, the next time in a detailed discussion on this issue)

three. How to deal with the problem

Of course, many systems (such as the booking system from the demand itself is to allow individuals to repeat the booking) is to avoid repeated refresh, repeat the submission, and to prevent the back of the problem, but even such a problem, but also to distinguish how to deal with And where to deal with (online just tell you how to deal with, but rarely to distinguish where to deal with), obviously the way the deal is nothing more than the client or server-side two, and the face of different locations to deal with the way is different , But one thing to declare in advance: any client (especially B / S) processing are not trusted, the best is the most should be the server-side approach.

Client processing:

Face the client we can use Javascript script to solve, as follows

1. Repeat refresh, repeat submission

Ways One: set a variable, only allowed to submit once.

\u0026 lt; script language = 'javascript' \u0026 gt;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; var checkSubmitFlg = false;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; function checkSubmit ()

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; if (checkSubmitFlg == true)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return false;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; checkSubmitFlg = true;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return true;

\u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; document.ondblclick = function docondblclick ()

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; window.event.returnValue = false;

\u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; document.onclick = function doconclick ()

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; if (checkSubmitFlg)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; window.event.returnValue = false;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp;

\u0026 lt; / script \u0026 gt;

\u0026 lt; html: form action = 'myAction.do' method = 'post' onsubmit = 'return checkSubmit ();' \u0026 gt;

Way Two: Set the submit button or image to disable

\u0026 nbsp; \u0026 lt; html: form action = 'myAction.do' method = 'post' \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; onsubmit = 'getElById (' submitInput '). disabled = true; return true;' \u0026 gt; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 lt; html: image styleId = 'submitInput' src = 'http://zwtlong.iteye.com/blog/images/ok_b.gif' border = '0' / \u0026 gt;

\u0026 nbsp; \u0026 lt; / html: form \u0026 gt; \u0026 nbsp;

2. To prevent the user back

The method here is in a variety of ways, some changes in the history of the browser, such as the use of window.history.forward () method; some 'with the new page URL to replace the current history, so browsing history, only one page, The button will never become available. 'For example, use javascript: location.replace (this.href); event.returnValue = false;

2. Server-side processing (here only said Struts framework of the deal)

Using the Token mechanism to solve the problem of duplicate submission in Web applications, Struts also gives a reference implementation.

Fundamental:

The server side compares the token value contained in the request with the token value stored in the current user session before processing the incoming request,

See if it matches. After the request has been processed and a new token is generated before the reply is sent to the client, the token is passed to

In addition to the client, the old token saved in the user session is replaced. So if the user rolls back to just submit the page and again

The token passed on the client and the token on the server side are inconsistent, thus effectively preventing the occurrence of duplicate submission.

if (isTokenValid (request, true))

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; // your code here

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return mapping.findForward ('success');

else

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; saveToken (request);

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return mapping.findForward ('submitagain');



Struts generates a unique (for each session) token based on the user session ID and the current system time, and the specific implementation can refer to

The generateToken () method in the TokenProcessor class.

1. // verify transaction control token, \u0026 lt; html: form \u0026 gt; will automatically generate an implicit input on behalf of the token based on the session ID, preventing two submissions

2. In action:

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; // \u0026 lt; input type = 'hidden' name = 'org.apache.struts.taglib.html.TOKEN' \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; // \u0026 nbsp; value = '6aa35341f25184fd996c4c918255c3ae' \u0026 gt;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; if (! isTokenValid (request))

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; errors.add (ActionErrors.GLOBAL_ERROR,

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; token '));

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; resetToken (request); // remove the token in session

3. action has such a way to generate a token

\u0026 nbsp; \u0026 nbsp; protected String generateToken (HttpServletRequest request)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; HttpSession session = request.getSession ();

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; try

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; byte id [] = session.getId (). getBytes ();

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; byte now [] =

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; new Long (System.currentTimeMillis ()). toString (). getBytes ();

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; MessageDigest md = MessageDigest.getInstance ('MD5');

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; md.update (id)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; md.update (now);

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return (toHex (md.digest ()));

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; catch (IllegalStateException e)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return (null);

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; catch (NoSuchAlgorithmException e)

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; return (null);

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp; \u0026 nbsp;

\u0026 nbsp; \u0026 nbsp; \u0026 nbsp;

to sum up

For repeated submission, repeated refresh, to prevent back and so on are part of the system to avoid duplication of records and need to solve the problem in the client to deal with the need for each of the possible solutions, but on the server side only But for the authenticity of the data test problem, based on the token processing is a once and for all the way.

At the same time we also see that from a different point of view to look at the problem, the solution is different. The client is more the pursuit of the user's operation, and the server will focus on the data processing, so in a seemingly easy on the server side, the client to solve the trouble a lot! And vice versa. So in some of the problems we need to consider and balance, is to use the client to solve? Or use the server to deal with?