The Java Developers Almanac 1.4


Order this book from Amazon.

   
Home > List of Packages > javax.servlet.jsp  [18 examples] > Java Server Pages  [7 examples]

e1050. Implementing a Form That Prevents Duplicate Submissions in a JSP Page

After the user submits a form for processing, it is possible for the user to inadvertently hit the back button and resubmit the form again. e1049 Implementing a Form in a JSP Page implements such a form. It is possible to prevent this possibility if necessary. The strategy involves the use of a timestamp that is saved in the session as well as embedded on the form. When the form is submitted for processing, the timestamp in the form is compared to the value saved in the session. If the timestamps do not match, it is assumed that either the form has expired or has been submitted.

This example builds on the one in e1049 Implementing a Form in a JSP Page. Refer to that example for more information about this example.

    <%-- Instantiate the form validation bean and supply the error message map --%>
    <%@ page import="com.mycompany.*" %>
    <jsp:useBean id="form" class="com.mycompany.MyForm" scope="request">
        <jsp:setProperty name="form" property="errorMessages" value='<%= errorMap %>'/>
    </jsp:useBean>
    
    <%
        // Ask the browser not to cache the page
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Cache-Control", "no-cache");
    
    
        // If process is true and a timestamp is present, attempt to validate and process the form
        String timestamp = request.getParameter("timestamp");
        if ("true".equals(request.getParameter("process")) && timestamp != null) {
            // Check timestamp
            if (!timestamp.equals(session.getAttribute("com.mycompany.MyForm.timestamp"))) {
                response.sendRedirect("formAlreadyDone.jsp");
                return;
            }
    %>
            <jsp:setProperty name="form" property="*" />
    <%
            if (form.process()) {
                // Save a new timestamp in the session
                timestamp = ""+System.currentTimeMillis();
                session.setAttribute("com.mycompany.MyForm.timestamp", timestamp);
    
                // Go to success page
                response.sendRedirect("formDone.jsp");
                return;
            }
        } else {
            timestamp = ""+System.currentTimeMillis();
            session.setAttribute("com.mycompany.MyForm.timestamp", timestamp);
        }
    %>
    
    <html>
    <head><title>A Simple Form That Prevents Duplicate Submissions</title></head>
    <body>
    
    <%-- When submitting the form, resubmit to this page --%>
    <form action='<%= request.getRequestURI() %>' method="POST">
        <%-- email --%>
        <font color=red><%= form.getErrorMessage("email") %></font><br>
        Email: <input type="TEXT" name="email" value='<%= form.getEmail() %>'>
        <br>
    
        <%-- zipcode --%>
        <font color=red><%= form.getErrorMessage("zipcode") %></font><br>
        Zipcode: <input type="TEXT" name="zipcode" value='<%= form.getZipcode() %>'>
        <br>
    
        <input type="SUBMIT" value="OK">
        <input type="HIDDEN" name="process" value="true">
    
        <%-- Save the timestamp in the form --%>
        <input type="HIDDEN" name="timestamp" value="<%= timestamp %>">
    </form>
    
    </body>
    </html>
    <%!
        // Define error messages
        java.util.Map errorMap = new java.util.HashMap();
        public void jspInit() {
            errorMap.put(MyForm.ERR_EMAIL_ENTER, "Please enter an email address");
            errorMap.put(MyForm.ERR_EMAIL_INVALID, "The email address is not valid");
            errorMap.put(MyForm.ERR_ZIPCODE_ENTER, "Please enter a zipcode");
            errorMap.put(MyForm.ERR_ZIPCODE_INVALID, "The zipcode must be 5 digits");
            errorMap.put(MyForm.ERR_ZIPCODE_NUM_ONLY, "The zipcode must contain only digits");
        }
    %>

 Related Examples
e1046. The Quintessential JSP Page
e1047. Running Java Code in a JSP Page
e1048. Saving Data in a JSP Page
e1049. Implementing a Form in a JSP Page
e1051. Precompiling a JSP Page
e1052. Preventing the Creation of a Session in a JSP Page

See also: Java Server Pages Headers    Java Server Pages Input    Java Server Pages Output   


© 2002 Addison-Wesley.