Servlet防止重复提交(简单令牌方式)
简单令牌原理
当前台点击submit按钮后,信息提交到后台,但是如果用户又继续刷新,那么将会重复提交
因此为了避免重复提交,在向后台提交时候,用js把当前提交时候的时间转成时间串,同步
提交给后台,这时候后台把信息和后台的session里面的时间对比,当然第一次提交的时候
session里面的时间信息是空的,所以可以执行提交内容。当二次提交的时候,前台传过去
时间传会和后台session里面第一次存的时间传对比如果不同,则说明不是重复提交,可以
执行提交内容,但是如果session里面的时间和前台传过来的时间传一样,那么说明是重复
提交。直接不执行提交,而是返回给原页面。
实现部分
--前台代码
<%@ page language="java" import="java.util.*" pageEncoding="GB18030"%><%@page import="com.xiaofu.db.model._MessageBox"%><%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'welcome.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <script type="text/javascript" language="javascript"> var d,hms; function notAcc(){d = new Date();hms = d.getTime();var urlaction = document.getElementById("mt").action;document.getElementById("mt").action = urlaction+"×="+hms;return true; } </script> <body> <h1>欢迎<%=request.getAttribute("user")%>登录留言板</h1><hr/><table border="1"> <tr><td>留言人</td><td>留言时间</td><td>留言信息</td></tr><%ArrayList<_MessageBox> almb = new ArrayList<_MessageBox>();almb = (ArrayList<_MessageBox>)request.getAttribute("almb");for(_MessageBox mb:almb){%> <tr><td><%=mb.getSs().getName()%></td><td><%=mb.getMbTime()%></td><td><%=mb.getMbMess()%></td></tr><% }%></table><hr/><form action="MessCon?type=2" method="post" id="mt"><input type="hidden" value="<%=request.getAttribute("user")%>" name="user"/><table><tr><td><textarea name="AddMess" style="width: 250px;height: 100px;"></textarea></td></tr><tr><td><input type="submit" value="提交" onclick="notAcc()"/><input type="reset" value="提交"/></td></tr></table></form> </body></html>
--后台代码
package com.xiaofu.db.control;import java.io.IOException;import java.sql.SQLException;import java.util.ArrayList;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.xiaofu.db.dao.MessageBoxDAO;import com.xiaofu.db.model._MessageBox;public class MessCon extends HttpServlet{private String strType = "";private MessageBoxDAO mbDAO = null;private ArrayList<_MessageBox> almb = null;private boolean pdCF = false;//初始化public void init(){mbDAO = new MessageBoxDAO();almb = new ArrayList<_MessageBox>();}protected void doGet(HttpServletRequest req, HttpServletResponse res)throws ServletException, IOException {strType = req.getParameter("type");switch (Integer.valueOf(strType)) {/*1表示登录时候,获取所有留言信息*/case 1:getAllMess(req,res);break;case 2:setNesMess(req,res);default:break;}}private void setNesMess(HttpServletRequest req, HttpServletResponse res) {// TODO Auto-generated method stubtry {/*令牌控制*/if(req.getSession().getAttribute("time")!=null){if(!req.getSession().getAttribute("time").equals(req.getParameter("times"))){System.out.println("session里面有值,但是和传递过来的time不相等");pdCF = true;req.getSession().setAttribute("time", req.getParameter("times"));}else{System.out.println("你正在刷新重复提交");pdCF = false;}req.getSession().setAttribute("time", req.getParameter("times"));}else{System.out.println("session 为空");/*为空说明第一次*/req.getSession().setAttribute("time", req.getParameter("times"));pdCF = true;}/*依照它pdCF为true false 而进行是否执行*/if(pdCF && req.getParameter("AddMess")!=null&&req.getParameter("AddMess").length()>0){if(mbDAO.doInsertMessage(req.getParameter("user"), req.getParameter("AddMess"))){req.setAttribute("user", req.getParameter("user"));req.getRequestDispatcher("MessCon?type=1").forward(req, res);}}else{req.setAttribute("user", req.getParameter("user"));req.getRequestDispatcher("MessCon?type=1").forward(req, res);}} catch (SQLException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (IOException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (ServletException e) {// TODO Auto-generated catch blocke.printStackTrace();}}private void getAllMess(HttpServletRequest req, HttpServletResponse res) {// TODO Auto-generated method stubtry {almb.clear();almb = mbDAO.getAllMessage();req.setAttribute("user", req.getAttribute("user"));req.setAttribute("almb", almb);req.getRequestDispatcher("welcome.jsp").forward(req, res);} catch (SQLException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (ServletException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (IOException e) {// TODO Auto-generated catch blocke.printStackTrace();}}protected void doPost(HttpServletRequest req, HttpServletResponse res)throws ServletException, IOException {this.doGet(req, res);}}