1. Duplicate form submission
①: The form is submitted to a Servlet, and the Servlet responds by forwarding the request to a JSP (HTML) page. The address bar still shows the Servlet address from the original request, so refreshing the response page submits the form again. A redirect does not have this problem.
Solution: Do not forward to another page; use a redirect to jump to the target page
response.sendRedirect(request.getContextPath()+"/background/main.jsp");
②: When the form is submitted over a slow connection, the user may click the submit button several times, which submits the form repeatedly
Solution: After submission, disable the button (JS)
<script type="text/javascript">
window.onload = function () {
    // Get the button object
    var btn = document.getElementById("btn");
    // Bind a click handler to the button
    btn.onclick = function () {
        // Disable the button once it has been clicked
        this.disabled = true;
        // Disabling the submit button cancels its default behavior,
        // so submit the form manually
        this.parentNode.submit();
    };
};
</script>
......
<input type="submit" value="提交" id="btn">
③: After the form is submitted successfully, the user clicks the browser's back button and, without refreshing the page, clicks the submit button again, which submits the form again
Solution: Add a token to the JSP
reg.jsp:
<%@page import="java.util.UUID"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<%
    // Java code
    // Generate a random token, convert it to a String and remove the "-" characters
    String uuid = UUID.randomUUID().toString().replace("-", "");
    // Put the generated token into the session scope
    session.setAttribute("token1", uuid);
%>
<body>
<form action="regServlet" method="post">
    <input type="hidden" name="token" value="<%=uuid%>"/>
    用户名:<input type="text" name="name"><br>
    密 码: <input type="password" name="pwd"><br>
    <input type="submit" value="注册">
</form>
</body>
</html>
RegServlet.java
package com.hpe.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/regServlet")
public class RegServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public RegServlet() {
        super();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        // Get the user's request parameters
        // Get the token from reg.jsp to prevent the user from resubmitting
        // Token from the hidden <input> tag
        String token = request.getParameter("token");
        // Token stored in the session
        String token1 = (String) request.getSession().getAttribute("token1");
        // Compare the two tokens. If they are equal, registration succeeds and the
        // session token is removed. After a successful registration the session token
        // is gone, so the two tokens no longer match and the request is treated as a
        // repeat submission. The null check rejects requests that carry no token.
        if (token != null && token.equals(token1)) {
            System.out.println("registered successfully");
            request.getSession().removeAttribute("token1");
            // Forward the request - generally used when data is shared through the request (setAttribute)
            // Why forwarding produces a duplicate submission:
            // the address bar does not change after a forward, it is still regServlet,
            // so a refresh re-requests regServlet and runs it again
            request.getRequestDispatcher("/index.jsp").forward(request, response);
        } else {
            System.out.println("Registration failed, repeat submission");
            request.getRequestDispatcher("/index.jsp").forward(request, response);
        }
        // Assign the parameters to the entity class properties
        // Call the service method
        // Determine whether the registration was successful
    }
}
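The check in RegServlet reads the session token and removes it in two separate steps, so two rapid submissions carrying the same token can both pass the comparison before either one removes it. The following is an added example, not code from the original page: `OneTimeTokenDemo`, `issue` and `consume` are hypothetical names, and a ConcurrentHashMap stands in for the HttpSession attributes. It consumes the token in one atomic step and fires several concurrent submissions to show that only one is accepted.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

// Added example: a single-use form token that is checked and cleared atomically.
public class OneTimeTokenDemo {
    // Assumption: this map is a constructed stand-in for one user's HttpSession attributes.
    static final Map<String, String> session = new ConcurrentHashMap<>();

    // Same token generation as reg.jsp: a random UUID with the "-" removed.
    static String issue() {
        String token = UUID.randomUUID().toString().replace("-", "");
        session.put("token1", token);
        return token;
    }

    // remove(key, value) compares and deletes in one atomic operation, so of
    // several concurrent requests with the same token exactly one gets true.
    static boolean consume(String submitted) {
        return submitted != null && session.remove("token1", submitted);
    }

    public static void main(String[] args) throws Exception {
        String token = issue();          // the form page is rendered once
        int clicks = 8;                  // constructed input: 8 rapid submits
        ExecutorService pool = Executors.newFixedThreadPool(clicks);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger accepted = new AtomicInteger();
        for (int i = 0; i < clicks; i++) {
            pool.submit(() -> {
                start.await();           // hold every thread until all are ready
                if (consume(token)) {
                    accepted.incrementAndGet();
                }
                return null;
            });
        }
        start.countDown();               // release all submissions at once
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted=" + accepted.get() + " of " + clicks);
        System.out.println("replay after success accepted: " + consume(token));
        System.out.println("request without token accepted: " + consume(null));
    }
}
```

In a servlet, getAttribute and removeAttribute on "token1" would have to run under one lock to get the same effect, because HttpSession has no compare-and-remove call.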
Hazards of duplicate form submission:
- Large amounts of meaningless duplicate data are inserted into the database, tying up server resources
- The server processes requests without checking whether they are duplicates, which leaves it open to malicious attacks
2. Situations that are not duplicate submissions
①: After registering, clicking back and refreshing the original form page: not a duplicate submission
This is because refreshing the registration page is equivalent to registering a new user.