first.jsp (key code only)
<%
// Generate a token value and store it in the session
org.apache.struts.util.TokenProcessor.getInstance().saveToken(request);
%>
<form action="second.jsp" method="post">
<!-- org.apache.struts.action.TOKEN must not be changed -->
<input type="hidden" name="org.apache.struts.taglib.html.TOKEN"
value="<%=session.getAttribute("org.apache.struts.action.TOKEN")%>" />
<label>username<input type="text" name="username" value="" /></label><br/>
<label>password<input type="text" name="password" value=""/></label><br/>
<label><input type="submit" name="Submit" value="Submit" /></label>
</form>
===============================================================
second.jsp
<%
Thread.sleep(1500); // Delay so the effect of clicking submit several times is visible
String username="";
String password="";
String isNew = "OK";
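// Check whether the submitted token matches the one in the session.
// true: also clear the session token after the check; isTokenValid(request) defaults this to false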
if(org.apache.struts.util.TokenProcessor.getInstance().isTokenValid(request,true)) {
username=request.getParameter("username");
password=request.getParameter("password");
org.apache.struts.util.TokenProcessor.getInstance().resetToken(request);
} else {
org.apache.struts.util.TokenProcessor.getInstance().saveToken(request);
isNew = "重複提交"; // "duplicate submission"
}
%>
username:<%=username%>
<br/>
password:<%=password%>
<br/>
<%-- The label below reads "Duplicate submission?" --%>
是否重複提交:<%=isNew %>
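
What the token check in second.jsp has to do to reject a double click, as an added stand-alone example (not code from the original page or from Struts): comparing the token and clearing it must happen as one atomic step. The class `OneTimeTokenDemo` and its methods `issue` and `consume` are hypothetical names, and the `AtomicReference` stands in for the session attribute.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicReference;

// Added illustration: a one-time form token. Names are hypothetical.
public class OneTimeTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the session attribute that holds the current token.
    private final AtomicReference<String> sessionToken = new AtomicReference<>();

    // Like saveToken(): create an unpredictable value and remember it.
    String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessionToken.set(token);
        return token;
    }

    // Like isTokenValid(request, true): compare, and clear on success, as one
    // atomic step so that two racing requests cannot both pass the check.
    boolean consume(String submitted) {
        String current = sessionToken.get();
        if (current == null || submitted == null) return false;
        boolean same = MessageDigest.isEqual(
                current.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8)); // constant-time compare
        return same && sessionToken.compareAndSet(current, null);
    }

    public static void main(String[] args) throws Exception {
        OneTimeTokenDemo session = new OneTimeTokenDemo();
        String formToken = session.issue();           // value of the hidden field
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Callable<Boolean> post = () -> session.consume(formToken);
        Future<Boolean> first = pool.submit(post);    // double click: two POSTs
        Future<Boolean> second = pool.submit(post);   // carrying the same token
        int accepted = (first.get() ? 1 : 0) + (second.get() ? 1 : 0);
        pool.shutdown();
        System.out.println("accepted submissions: " + accepted);
        System.out.println("replay accepted: " + session.consume(formToken));
    }
}
```

Only one of the two concurrent submissions is accepted, and replaying the same token afterwards is rejected because the stored value has already been cleared.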
=================================================================
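PS: This method does not stop the user from clicking the button several times; it is still best to control the submit button on the first page.
Also:
Use a redirect to keep an F5 page refresh from resubmitting the form, and then add the following to the requested page: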
<%
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
Or use <meta>:
<meta http-equiv="Pragma" content="no-cache">