Servlet防止重复提交（简单令牌方式）

简单令牌原理

当前台点击submit按钮后，信息提交到后台，但是如果用户又继续刷新，那么将会重复提交

因此为了避免重复提交，在向后台提交时候，用js把当前提交时候的时间转成时间串，同步

提交给后台，这时候后台把信息和后台的session里面的时间对比，当然第一次提交的时候

session里面的时间信息是空的，所以可以执行提交内容。当二次提交的时候，前台传过去

时间传会和后台session里面第一次存的时间传对比如果不同，则说明不是重复提交，可以

执行提交内容，但是如果session里面的时间和前台传过来的时间传一样，那么说明是重复

提交。直接不执行提交，而是返回给原页面。

实现部分

--前台代码

<%@ page language="java" import="java.util.*" pageEncoding="GB18030"%>
<%@page import="com.xiaofu.db.model._MessageBox"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'welcome.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  <script type="text/javascript" language="javascript">
    var d,hms;
  	function notAcc(){
		d = new Date();
		hms = d.getTime();
		var urlaction = document.getElementById("mt").action;
		document.getElementById("mt").action = urlaction+"×="+hms;
		return true;
  	}
  	
  </script>
  <body>
  	<h1>欢迎<%=request.getAttribute("user")%>登录留言板</h1>
	<hr/>
	<table border="1">
		 <tr><td>留言人</td><td>留言时间</td><td>留言信息</td></tr>
	<%
		
		ArrayList<_MessageBox> almb = new ArrayList<_MessageBox>();
		almb = (ArrayList<_MessageBox>)request.getAttribute("almb");
		for(_MessageBox mb:almb){
	%>	
		 <tr><td><%=mb.getSs().getName()%></td><td><%=mb.getMbTime()%></td><td><%=mb.getMbMess()%></td></tr>
	<% 
		}
	%>
	</table>
	<hr/>
	<form action="MessCon?type=2" method="post" id="mt">
		<input type="hidden" value="<%=request.getAttribute("user")%>" name="user"/>
		<table>
			<tr><td><textarea name="AddMess" style="width: 250px;height: 100px;"></textarea></td></tr>
			<tr><td><input type="submit" value="提交" οnclick="notAcc()"/><input type="reset" value="提交"/></td></tr>
		</table>
	</form>
	
	
  </body>
</html>

--后台代码

package com.xiaofu.db.control;

import java.io.IOException;
import java.sql.SQLException;
import java.util.ArrayList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.xiaofu.db.dao.MessageBoxDAO;
import com.xiaofu.db.model._MessageBox;

public class MessCon extends HttpServlet{
	
	private String strType = "";
	private MessageBoxDAO mbDAO = null;
	private ArrayList<_MessageBox> almb = null;
	private boolean pdCF = false;
	
	//初始化
	public void init(){
		mbDAO = new MessageBoxDAO();
		almb = new ArrayList<_MessageBox>();
	}
	
	protected void doGet(HttpServletRequest req, HttpServletResponse res)
			throws ServletException, IOException {
		strType = req.getParameter("type");
		switch (Integer.valueOf(strType)) {
		/*1表示登录时候，获取所有留言信息*/
		case 1:
			getAllMess(req,res);
			break;
		case 2:
			setNesMess(req,res);
		default:
			break;
		}
	}
	
	private void setNesMess(HttpServletRequest req, HttpServletResponse res) {
		// TODO Auto-generated method stub
		try {
			/*令牌控制*/
			if(req.getSession().getAttribute("time")!=null){
				
				if(!req.getSession().getAttribute("time").equals(req.getParameter("times"))){
					System.out.println("session里面有值，但是和传递过来的time不相等");
					pdCF = true;
					req.getSession().setAttribute("time", req.getParameter("times"));
				}else{
					System.out.println("你正在刷新重复提交");
					pdCF = false;
				}
				req.getSession().setAttribute("time", req.getParameter("times"));
			}else{
				System.out.println("session 为空");/*为空说明第一次*/
				req.getSession().setAttribute("time", req.getParameter("times"));
				pdCF = true;
			}
			/*依照它pdCF为true false 而进行是否执行*/
			if(pdCF && req.getParameter("AddMess")!=null&&req.getParameter("AddMess").length()>0){
				if(mbDAO.doInsertMessage(req.getParameter("user"), req.getParameter("AddMess"))){
					req.setAttribute("user", req.getParameter("user"));
					req.getRequestDispatcher("MessCon?type=1").forward(req, res);
				}
			}else{
				req.setAttribute("user", req.getParameter("user"));
				req.getRequestDispatcher("MessCon?type=1").forward(req, res);
			}
			
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (ServletException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	private void getAllMess(HttpServletRequest req, HttpServletResponse res) {
		// TODO Auto-generated method stub
		try {
			almb.clear();
			almb = mbDAO.getAllMessage();
			
			req.setAttribute("user", req.getAttribute("user"));
			req.setAttribute("almb", almb);
			req.getRequestDispatcher("welcome.jsp").forward(req, res);
		
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (ServletException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	protected void doPost(HttpServletRequest req, HttpServletResponse res)
			throws ServletException, IOException {
		this.doGet(req, res);
	}
}