I don't know what the Token class is, but the standard technique to handle
reposts is sometimes called the "Token Pattern". The name comes not from a
class "Token" but from an arbitrary object, often a String, used as a token, a
marker for something.
The defense against applying the same transaction multiple times is to enforce
"idempotency" - the property that a transaction only has effect the first time
it's applied.
In the case of a form POST, you place a token, let's say a string with the
name of the form, in the session the first time you generate the page. In the
handler for the form submit, check for the token, that is, the string with the
identifier of the form (could also be a GUID like a hexadecimal string) in the
session.
String token = (String) session.getAttribute( "token" );
If the token is in the session the handler is allowed to apply the
transaction. First, it must remove the token
session.removeAttribute( "token" );
then perform the business logic.
If the handler is invoked again before a new page is generated, the check for
the token in the session will return null. In that case do not perform the
business logic. That way the handler only performs business logic once per
screen no matter how many times the same submit hits it.
Your logic is then "idempotent".
GIYF.
So is Wikipedia.
<http://en.wikipedia.org/wiki/Idempotence_(computer_science)>
-- Lew
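
An added example, not part of the original post: the token check described above as a stand-alone Java class. It goes slightly beyond the post by using a random hexadecimal token echoed back by the form and by consuming it in one atomic step, so two concurrent reposts cannot both pass the check. The class name, the "token." key prefix and the ConcurrentHashMap standing in for the HttpSession are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/** Added example: one-time form token. A map stands in for the HttpSession. */
public class FormTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Stand-in for session attributes (assumption: a real handler uses HttpSession).
    private final Map<String, String> session = new ConcurrentHashMap<>();
    // Constructed "business logic" side effect, counted so the demo can show it.
    private final AtomicInteger ordersPlaced = new AtomicInteger();

    /** Called when the form page is generated: store a fresh hexadecimal token. */
    public String renderForm(String formName) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        session.put("token." + formName, hex.toString());
        return hex.toString(); // would be written into a hidden form field
    }

    /** Called on submit: true only for the first submit per generated page. */
    public boolean handleSubmit(String formName, String submittedToken) {
        // remove() checks for and consumes the token in one atomic step,
        // unlike a separate getAttribute() followed by removeAttribute().
        String expected = session.remove("token." + formName);
        if (expected == null || !expected.equals(submittedToken)) {
            return false; // repost or mismatched token: skip the business logic
        }
        ordersPlaced.incrementAndGet(); // the business logic runs once
        return true;
    }

    public static void main(String[] args) {
        FormTokenDemo app = new FormTokenDemo();
        String token = app.renderForm("order");
        System.out.println("first submit applied: " + app.handleSubmit("order", token));
        System.out.println("repost applied: " + app.handleSubmit("order", token));
        String fresh = app.renderForm("order"); // new page generated, new token
        System.out.println("submit after new page applied: " + app.handleSubmit("order", fresh));
        System.out.println("orders placed: " + app.ordersPlaced.get());
    }
}
```

In a servlet the same effect needs the get-and-remove pair guarded by a lock, since HttpSession has no single call that returns and removes an attribute.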