Hello,
You can avoid this using the Synchronizer Token pattern.
This is how we implemented it in one of the projects.
1) Keep a hidden variable in the HTML form.
2) Assign this variable a value, say "val1", and keep the same value in the HttpSession. This can be done when you are sending the response for the requested action.
3) When the form is submitted, you check the hidden variable value against the one in the session. If they are the same, then process the request and at the same time reset the value in the session.
4) If this doesn't match, then it is an attempt at form resubmission; throw back an error.
Note: You can write a utility class which generates random numbers which can be used as values. A custom tag can be used to get the value in the JSP, and you can use the utility class from your code to get the value which is set in the HttpSession object.
Thanks,
Amit
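
The four steps above as an added example, not code from the original post or the project it mentions. Assumptions: a `ConcurrentHashMap` stands in for `HttpSession` so the class runs without a servlet container, the attribute name `formToken` and both method names are hypothetical, and the value comes from `SecureRandom` so that it is not guessable.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SynchronizerTokenDemo {
    // Hypothetical session attribute / hidden field name.
    static final String TOKEN_ATTR = "formToken";
    private static final SecureRandom RNG = new SecureRandom();

    // Steps 1-2: create an unpredictable value, keep it in the session,
    // and return it so the page can render it into the hidden field.
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(TOKEN_ATTR, token);
        return token;
    }

    // Steps 3-4: compare the submitted value with the stored one and reset it.
    // remove() reads and clears in one atomic call, so two concurrent submits
    // of the same form cannot both pass. With a real HttpSession, wrap
    // getAttribute/removeAttribute in a synchronized block to get the same effect.
    // A failed attempt also clears the token; the form must be re-rendered.
    static boolean consumeToken(Map<String, Object> session, String submitted) {
        Object stored = session.remove(TOKEN_ATTR);
        if (stored == null || submitted == null) {
            return false; // nothing issued, already consumed, or field missing
        }
        // Constant-time comparison of the two values.
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new ConcurrentHashMap<>(); // stand-in for HttpSession
        String hidden = issueToken(session);
        System.out.println("<input type=\"hidden\" name=\"" + TOKEN_ATTR + "\" value=\"" + hidden + "\">");
        System.out.println("first submit accepted: " + consumeToken(session, hidden));
        System.out.println("resubmit accepted:     " + consumeToken(session, hidden));
        issueToken(session); // a fresh form render issues a new value
        System.out.println("wrong value accepted:  " + consumeToken(session, "val1"));
    }
}
```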