Struts forwarding does not change URL in browser

[kaman]

Hello,

I have a struts application that adds a customer record via
customerAdd.do then displays the record using customerDisplay.do

On the form, there is an Add button that submits the form data to
customerAdd.do (where the data is added to a db), it then in turns
forwards control along to customerDisplay.do to display the data. In
general:

form submit -> customerAdd.do --> customerDisplay.do

This all works fine. My problem is that after the customer record is
displayed, the browser location bar states that the URL is
http://host/myapp/customerAdd.do. So when a user hits the refresh
button on the browser, it prompts the user asking them if they want to
repost data. If they hit ok, customerAdd.do is called again and a
duplicate record is added into the db.

How can I prevent them from reposting? Or is there a way to change
the URL to customerDisplay.do so that reposting will not matter?

Thanks in advance,

Kaman

 

[Chris Riesbeck]

Hello,

On the form, there is an Add button that submits the form data to
customerAdd.do (where the data is added to a db), it then in turns
forwards control along to customerDisplay.do to display the data. In
general:

form submit -> customerAdd.do --> customerDisplay.do

This all works fine. My problem is that after the customer record is
displayed, the browser location bar states that the URL is
http://host/myapp/customerAdd.do. So when a user hits the refresh
button on the browser, it prompts the user asking them if they want to
repost data. If they hit ok, customerAdd.do is called again and a
duplicate record is added into the db.

You probably want to write server-side code to handle duplicate requests
gracefully, just to be robust.

An alternative for forward is redirecting. If, after processing,
you redirect to the customerDisplay, then the browser is told
the new URL. The upside is no refresh/report. The downside is that
request parameters are not passed along, so everything on the
new page has to be gotten from session variables. I consider
that an upside myself, because it means all important state information
has been captured on the server and the page is just a view on
that server state.

See HttpServletResponse.sendRedirect() for details

 

[kaman]

Hello,

Thanks for you reply. I was wondering if you had an idea in mind when
you said I would have to write some server side logic to handle
duplicates.

My thought was to create a cookie using javascript right before the
submit (this would be a flag indicating that the submit button was
pressed). The customerAdd.do would then test for such a cookie and
only proceed with a db insert if a cookie exists. customerAdd would
then unset the cookie before it forwards control to
customerDisplay.do. This way if the user reposted, there would be no
cookie present and thus no save would be made.

It's not the best solution. Would you have any other ideas?

Thanks in advance.

 

[Matt Parker]

Hello,

Thanks for you reply. I was wondering if you had an idea in mind when
you said I would have to write some server side logic to handle
duplicates.

My thought was to create a cookie using javascript right before the
submit (this would be a flag indicating that the submit button was
pressed). The customerAdd.do would then test for such a cookie and
only proceed with a db insert if a cookie exists. customerAdd would
then unset the cookie before it forwards control to
customerDisplay.do. This way if the user reposted, there would be no
cookie present and thus no save would be made.

It's not the best solution. Would you have any other ideas?

Thanks in advance.

Struts has a built in token generator and that token can be added to the
request. This can be checked for at the time of the form submit. Basically
if the token submitted doesn't match the one expected you can ignore the
request. This is called the Synchronizer Token pattern. A quick Google came
up with this - http://www.javaworld.com/javatips/jw-javatip136_p.html

You could also extend the example from the webpage and make the whole
application protected by customising the Struts RequestProcessor and
overriding the processPreProcess() method.

Matt

 

[kaman]

Hey Matt,

This is exactly what I was looking for. Thanks so much for your help.

Kaman