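Duplicate submission
Common causes of duplicate form submission: 1. clicking the submit button multiple times; 2. refreshing the page, etc.
How to avoid it: use a session token. Store a token in the session, write it into the page, and after the form is submitted compare the token from the page with the one in the session.
Implementation steps
1. For each operation that must be protected against duplicate submission, place the server-side session token value in the page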
<input name="SesToken" value="${SesToken }" type="hidden"/>
2. Validate the token on the server after the form is submitted
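// Controller method
@RequestMapping("/add")
public void add(HttpServletRequest request, HttpServletResponse response, Test test) {
    // Validate the duplicate-submission token; only "true" may proceed
    // ("false" = duplicate submission, "error" = illegal operation)
    if (!"true".equals(Token.validToken(request))) {
        return;
    }
    try {
        // business logic goes here
    } catch (Exception e) {
        e.printStackTrace();
    }
}

// Token.java
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class Token {
    /***
     * Set the token
     * @param request
     */
    public static void setToken(HttpServletRequest request) {
        request.getSession().setAttribute("SesToken", UUID.randomUUID().toString());
    }

    /** Return the session token, creating one if the session has none. */
    public static String getToken(HttpServletRequest request) {
        String sessionToken = (String) request.getSession().getAttribute("SesToken");
        if (null == sessionToken || "".equals(sessionToken)) {
            sessionToken = UUID.randomUUID().toString();
            request.getSession().setAttribute("SesToken", sessionToken);
        }
        return sessionToken;
    }

    // A token that is null, empty or the literal string "null" counts as missing
    private static boolean isMissing(String token) {
        return null == token || "".equals(token) || "null".equals(token);
    }

    /***
     * Check whether the request is a duplicate submission
     * @param request HttpServletRequest
     * @return String "true" not a duplicate, "false" duplicate submission, "error" illegal operation
     */
    public static String validToken(HttpServletRequest request) {
        HttpSession session = request.getSession();
        String requestToken = request.getParameter("SesToken");
        // Lock the session so two concurrent submissions cannot both pass the check
        // (assumes the container returns the same HttpSession object for one session)
        synchronized (session) {
            String sessionToken = (String) session.getAttribute("SesToken");
            // Always reset the SesToken in the session before returning
            session.setAttribute("SesToken", UUID.randomUUID().toString());
            // A missing token on either side must never validate;
            // otherwise two empty values would compare equal
            if (isMissing(sessionToken) || isMissing(requestToken)) {
                return "error";
            }
            if (sessionToken.equals(requestToken)) {
                // not a duplicate submission
                return "true";
            } else {
                // duplicate submission
                return "false";
            }
        }
    }
}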
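The check-and-reset in validToken only blocks a double click if it is atomic. The following added example (not part of the original page) simulates eight simultaneous submissions carrying the same page token. The `TokenDemo` class, the `issue` and `consume` helpers, and the map standing in for the HttpSession are hypothetical names constructed for this demo, so it runs without a servlet container.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class TokenDemo {
    static final String KEY = "SesToken";
    // Constructed stand-in for the HttpSession attribute store
    static final Map<String, String> session = new ConcurrentHashMap<>();

    // Issue a fresh token, as the page render step would
    static String issue() {
        String token = UUID.randomUUID().toString();
        session.put(KEY, token);
        return token;
    }

    // One-time consume: compare and remove in a single atomic step,
    // so only one caller can win for a given token
    static boolean consume(String requestToken) {
        if (requestToken == null || requestToken.isEmpty()) {
            return false; // a missing token never validates
        }
        return session.remove(KEY, requestToken);
    }

    public static void main(String[] args) throws Exception {
        String pageToken = issue();
        int clicks = 8; // simulated simultaneous clicks on submit
        ExecutorService pool = Executors.newFixedThreadPool(clicks);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger accepted = new AtomicInteger();
        for (int i = 0; i < clicks; i++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                if (consume(pageToken)) accepted.incrementAndGet();
            });
        }
        start.countDown(); // release all submissions at once
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted submissions: " + accepted.get());
        System.out.println("replay after consume: " + consume(pageToken));
        System.out.println("empty token: " + consume(""));
    }
}
```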