First, how duplicate form submissions happen
1. The first way
When the server handles the request with a server-side forward to another page, the address bar does not change. If the user then presses F5, the page refreshes and the form is submitted again.
2. The second way
When the user clicks submit, a slow network or other factors may lead the user to click the submit button several times in a row, so the form is submitted repeatedly.
3. The third way
After submitting, the user clicks the Back button and then clicks submit again, so the form is submitted a second time.
Second, the solution
To prevent users from submitting duplicates or carrying out some other malicious acts, measures can be taken on the server side to reject repeated submissions. Several options follow:
1. Using a UUID
UUID is an abbreviation for Universally Unique Identifier: a globally unique random number of 32 hexadecimal digits, which is guaranteed to be unique across all machines in the same space.
Ideas:
① Generate a UUID in the JSP that renders the form, store it in the session as the token, and also place it in a hidden field of the form.
② After the user submits the form, read the token from the hidden field, then read the token from the session.
③ Compare the two tokens. If they are the same, process the submission and remove the token from the session; if they are different, the submission is not processed.
Code example:
<%-- The login JSP page --%>
<%@ page import="java.util.UUID" %>
<%
    // Generate the token and keep a copy in the session
    String uuid = UUID.randomUUID().toString().replace("-", "");
    session.setAttribute("uuid", uuid);
%>
<form action="LoginServlet" method="post">
    <input type="hidden" value="<%=uuid %>" name="uuid2">
    <label>用户名称:</label>
    <input class="itxt" type="text" placeholder="请输入用户名" autocomplete="off" tabindex="1" name="username" />
    <br />
    <br />
    <label>用户密码:</label>
    <input class="itxt" type="password" placeholder="请输入密码" autocomplete="off" tabindex="1" name="password" />
    <br />
    <br />
    <input type="submit" value="登录" id="sub_btn" />
</form>

// The servlet that handles the login (the form above is sent with method="post")
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    HttpSession session = request.getSession();

    // Get the uuid value from the hidden field and from the session
    String uuid2 = request.getParameter("uuid2");
    Object uuid = session.getAttribute("uuid");

    // Check whether the two values are equal
    if (uuid != null && uuid.toString().equals(uuid2)) {
        // Equal: process the submission and remove the token from the session
        System.out.println("ha submit it !!!");
        session.removeAttribute("uuid");
    }
    System.out.println("End!");
}
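The servlet above compares the token first and removes it afterwards, so two requests that arrive at the same moment (the repeated-click case from the first section) can both pass the comparison before either one removes the token. The following added example, which is not part of the original page, makes the comparison and the removal one atomic step; the class name OneTimeFormToken and the ConcurrentHashMap standing in for the session are assumptions made for illustration.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class OneTimeFormToken {
    // Assumption: this map stands in for one user's HttpSession attributes.
    private final Map<String, String> session = new ConcurrentHashMap<>();

    /** Step 1: called when the form is rendered; the result goes into the hidden field. */
    public String issue() {
        String token = UUID.randomUUID().toString().replace("-", "");
        session.put("uuid", token);
        return token;
    }

    /** Steps 2 and 3 in one atomic operation: succeeds for exactly one matching request. */
    public boolean consume(String submitted) {
        if (submitted == null) {
            return false;                          // hidden field missing from the request
        }
        // remove(key, value) deletes the entry only if it still holds this value,
        // so concurrent callers cannot both see "equal" before the token is gone.
        return session.remove("uuid", submitted);
    }

    public static void main(String[] args) throws Exception {
        OneTimeFormToken form = new OneTimeFormToken();
        String hidden = form.issue();              // value the browser would send back
        AtomicInteger accepted = new AtomicInteger();
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int i = 0; i < 8; i++) {              // eight simultaneous clicks on submit
            pool.submit(() -> {
                start.await();                     // release all threads together
                if (form.consume(hidden)) {
                    accepted.incrementAndGet();
                }
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted submissions: " + accepted.get());
        System.out.println("resubmit after Back accepted: " + form.consume(hidden));
        System.out.println("wrong token accepted: " + form.consume("not-the-token"));
    }
}
```

HttpSession itself has no compare-and-remove call, so in a servlet the same effect needs either an object like this stored as a session attribute or a synchronized block around the getAttribute and removeAttribute calls.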
2. Using a verification code