I understand that Strut's Action class has saveToken(), isTokenValid(), resetToken() methods to facilitate the prevention of multiple form submissions.
Suppose that I have two different forms (let's call them form A and form B), and both of them can be opened at the same time in two different popup windows. Consider the following events:
(1) Click link to open form A, and fill in form A's fields. (2) Click link to open form B, and fill in form B's fields. (3) Click Submit button in form A. (4) Wait for server to return response page. (5) Click Submit button in form B. (6) Wait for server to return response page.
I understand that Struts is only using one session attribute, org.apache.struts.action.TOKEN, and one request parameter org.apache.struts.taglib.html.TOKEN to facilitate the handling of multiple form submissions. But if I have more than one form, how does that single session attribute be able to tell which form it is for?
In (1) above, it will generate a hidden field value (org.apache.struts.taglib.html.TOKEN), and a new session attribute value for org.apache.struts.action.TOKEN. In (2) a hidden field value will be generated too, but the session attribute value, org.apache.struts.action.TOKEN, for (1), would have been overwritten. In that case, when we come to (3), wouldn't we have a problem?
You get good luck from rubbing the belly of a tiny ad: