• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

restricting the clicling on submit button several times.

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,

how can we restrict the cliking of the "submit" button several times. i know oneway disabling the "submit" button after first click.
But if anyone knows it programmatically, please let me know(any otherway of restricting the clicking of submit button).
 
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can include a unique (maybe numeric) token as part of the request. The server can then check if a form submit for that token has already happened, and -if it has- not process the request. The tokens sent to the client need to be tracked on the server, so that any URL manipulation on the client can also be detected.
 
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

You can include a unique (maybe numeric) token as part of the request.


( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ravi Kiran Va wrote:

You can include a unique (maybe numeric) token as part of the request.


( having them with the help of hidden parameters inside jsp )
So you mean to say that hardocde this token inside every JSP / HTML Page ?? , do you really mean this or something else ??


Not hardcode, but code. One typically uses a filter or framework to add the token to every page as it renders. This works for JSP pages, but not HTML pages.

The OWASP CSRF filter actually uses the technique, but to solve a different problem. They generate one token for the session and all requests must have it. That way someone can't impersonate the user by stealing their links.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jeanne ,
It was interesting to know this new point for me .

One typically uses a filter or framework to add the token to every page as it renders.



But typically , whats your advice on as how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??


Thanks .

 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
After 10 days of patience


how to proceed with this approach ,because Filter Generated Code would be dynamic for every page and later in next Layer how the servlet will know that it has to validate this content (The dynamic code generated by the Filter )??



I dont want to use any sessionTokienizer for this .I want to manually code this

Could any body please take some time to answer my question .
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't understand your question. What do you mean by "Filter Generated Code would be dynamic for every page" - filters are applied to requests, they are not associated with pages.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Paul ,
What do i mean is that , as i want to avoid duplicate submission from a single page , so for this purpose the String that was generated by the request should be known by the controller to validate if its a first request or not ??

Thanks .
 
reply
    Bookmark Topic Watch Topic
  • New Topic