index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
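<%
// Context path of this web application ("" when deployed as the root context).
String path = request.getContextPath();
// Base URL that the relative links and the form action on this page resolve against.
// request.getServerName() normally reflects the client-supplied Host header, and the
// value is written unescaped into <base href>, so scheme, host and port are left out:
// only the server-configured context path is used and the browser keeps the origin
// it actually loaded the page from.
String basePath = path + "/";
%>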
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
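<%
// One-time form token: stored in the session here and echoed into the hidden
// "token" field of the form below, so the server can tell a first submission
// from a repeated one.
// It is drawn from SecureRandom instead of the clock so it cannot be guessed from
// the time of the request. The type stays long so the existing server-side check
// keeps working.
long token = new java.security.SecureRandom().nextLong();
session.setAttribute("token", token);
%>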
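<form action="Test" method="post">
<input type="text" name="username" />
<%-- type="password" so the value is masked on screen instead of shown in clear text --%>
<input type="password" name="password" />
<%-- Sent back as a hidden field so the server can compare it with the copy kept in the session --%>
<input type="hidden" value="<%=token%>" name="token" />
<input type="submit" value="提交" />
</form>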
</body>
</html>
Test.java(是一个Servlet)
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
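/**
 * Servlet behind the form in index.jsp. A submission is accepted only when the
 * hidden {@code token} field matches the one-time token stored in the session;
 * the token is then consumed so the same form cannot be submitted twice.
 *
 * <p>NOTE(review): the guard is only as strong as the token the page issues, and
 * the check-then-consume sequence in {@code doPost} is not atomic, so two truly
 * concurrent submissions of one form could both be accepted.
 */
public class Test extends HttpServlet {

    /**
     * Handles GET by delegating to {@code doPost}.
     *
     * <p>NOTE(review): this allows the form, including the password and the token,
     * to be sent in the query string, where it can end up in logs and browser
     * history. Consider dropping GET support for this endpoint.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Accepts the submission if its token matches the session token, otherwise
     * reports a repeated submission.
     *
     * <p>A missing session, a missing session token or a missing/mismatching
     * {@code token} parameter is treated as a repeated submission instead of
     * failing with a {@code NumberFormatException}.
     *
     * @param req  request carrying the {@code username}, {@code password} and
     *             {@code token} parameters
     * @param resp response that receives {@code "ok "} or
     *             {@code "do not repeat submit"}
     * @throws ServletException declared by the servlet API; not thrown here
     * @throws IOException      if the response cannot be written
     */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        // Media-type parameters are separated by ';' (the ',' used before made the value malformed).
        resp.setContentType("text/html;charset=utf-8");

        // Read but not used by this demo; real handling belongs in the accepted branch.
        // The password must never be logged or echoed back.
        String username = req.getParameter("username");
        String password = req.getParameter("password");

        String submitted = req.getParameter("token");
        // getSession(false): a request that arrives without a session cannot hold a
        // valid token, so no session is created for it.
        Object expected = req.getSession(false) == null
                ? null
                : req.getSession(false).getAttribute("token");

        PrintWriter out = resp.getWriter();
        // Compare the textual forms: this works for the long the page stores and
        // cannot throw on absent or non-numeric input.
        boolean firstSubmission = submitted != null
                && expected != null
                && String.valueOf(expected).equals(submitted);

        if (firstSubmission) {
            // Consume the token before answering so a resubmission of the same form
            // finds nothing to match. Removing it (rather than storing a fresh
            // timestamp) leaves no guessable value behind.
            req.getSession().removeAttribute("token");
            out.println("ok ");
        } else {
            out.println("do not repeat submit");
        }
    }
}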