java servlet (form data refresh)

[skijor]

Hi,
If a user adds an item to his/her shopping cart using form data like
this:
http://my.domain.com/addToCart.do?itemId=HB0019
How can I determine if it was generated from user clicking an add-to-
cart link vs. a browser refresh?
I don't want to increment the quantity in the cart for this item if
the user refreshes the browser but I do want to increment if the user
clicks the add button again for this item.



Thanks

 

[Buddha]

Hi,
If a user adds an item to his/her shopping cart using form data like
this:http://my.domain.com/addToCart.do?itemId=HB0019

Hi,

Why dont you use POST for this ?

 

[steen]

Hi,

Why dont you use POST for this ?

Well, using POST wont help...all it will do is make a popup for the
user saying something like "Do you really want to repost the data" (or
word to that effect), and most users will just press OK.

My suggestion would be to either
a) Implement the shopping cart via ajax
or
b) have the addToCart controller issue a redirect to a page without
the parameter, that way the user can hit refresh as many times as he
likes.

Just my 2 cents.

/Steen

 

[Lew]

Well, using POST wont help...all it will do is make a popup for the
user saying something like "Do you really want to repost the data" (or
word to that effect), and most users will just press OK.

My suggestion would be to either
a) Implement the shopping cart via ajax
or
b) have the addToCart controller issue a redirect to a page without
the parameter, that way the user can hit refresh as many times as he
likes.

The OP wants to keep the cart in view so the user can add to it at will
without excess navigation. They want the 'add' button to be active, they said.

Let's consider some analysis, then design. How likely or frequent will a
user's use of REFRESH be? It'll happen some, but not often, so we'd like a
low-cost solution, in terms of software maintenance effort.

A variation on the Synchronizer Token pattern might help. The classic pattern
prevents resubmission of form data placing a "token inside a hidden field.
Upon submission, request processing first tests for the presence of a valid
token in the request parameter by comparing it with the one registered in the
session."
<http://www.javaworld.com/javaworld/javatips/jw-javatip136.html>

The cited article replaces the token with null to prevent any resubmission
"until a new token is saved in the session, which must be done at the
appropriate time based on the desired application flow of control." In a
variation, that appropriate time would be right away, instead of nulling the
session token.

A REFRESH will resubmit the old, no longer valid token, and the transaction
will be ignored. A new 'add' click will submit the updated token in the
hidden field, and the server will confirm it and proceed with the operation.

Benefits of this approach are that it does not add superfluously hackish
pages, it does not alter the behavior of well-known browser operations like
REFRESH or BACK except to make them safe, and it's simple.

The word for an operation that only has effect the first time it's applied is
"idempotent". I had a bank hit my debit card twice for the same transaction a
while back. They failed to make that transaction idempotent.

 

[skijor]

Benefits of this approach are that it does not add superfluously hackish
pages, it does not alter the behavior of well-known browser operations like
REFRESH or BACK except to make them safe, and it's simple.

I have not read the article but I intend to. Sorry if this question
is covered but i do have a burning question that can't wait being the
impatient guy that I am. Hitting the back button seems like a valid
thing to do to return to the catalogue from the user's perspective.
In that case adding another item to the cart will use the stale token
and hence not result in an update.