Knowledgebase: Java/JSP Hosting Plans
Implementing a Form That Prevents Duplicate Submissions in a JSP Page
Posted by Customer Service on 25 May 2005 12:57 AM
After the user submits a form for processing, it is possible for the user to inadvertently hit the back button and resubmit the form again.  It is possible to prevent this possibility if necessary. The strategy involves the use of a timestamp that is saved in the session as well as embedded on the form. When the form is submitted for processing, the timestamp in the form is compared to the value saved in the session. If the timestamps do not match, it is assumed that either the form has expired or has been submitted.
    <%-- Instantiate the form validation bean and supply the error message map --%>
<%@ page import="com.mycompany.*" %>
<jsp:useBean id="form" class="com.mycompany.MyForm" scope="request">
<jsp:setProperty name="form" property="errorMessages" value='<%= errorMap %>'/>
</jsp:useBean>

<%
// Ask the browser not to cache the page
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");


// If process is true and a timestamp is present, attempt to validate and process the form
String timestamp = request.getParameter("timestamp");
if ("true".equals(request.getParameter("process")) && timestamp != null) {
// Check timestamp
if (!timestamp.equals(session.getAttribute("com.mycompany.MyForm.timestamp"))) {
response.sendRedirect("formAlreadyDone.jsp");
return;
}
%>
<jsp:setProperty name="form" property="*" />
<%
if (form.process()) {
// Save a new timestamp in the session
timestamp = ""+System.currentTimeMillis();
session.setAttribute("com.mycompany.MyForm.timestamp", timestamp);

// Go to success page
response.sendRedirect("formDone.jsp");
return;
}
} else {
timestamp = ""+System.currentTimeMillis();
session.setAttribute("com.mycompany.MyForm.timestamp", timestamp);
}
%>

<html>
<head><title>A Simple Form That Prevents Duplicate Submissions</title></head>
<body>

<%-- When submitting the form, resubmit to this page --%>
<form action='<%= request.getRequestURI() %>' method="POST">
<%-- email --%>
<font color=red><%= form.getErrorMessage("email") %></font><br>
Email: <input type="TEXT" name="email" value='<%= form.getEmail() %>'>
<br>

<%-- zipcode --%>
<font color=red><%= form.getErrorMessage("zipcode") %></font><br>
Zipcode: <input type="TEXT" name="zipcode" value='<%= form.getZipcode() %>'>
<br>

<input type="SUBMIT" value="OK">
<input type="HIDDEN" name="process" value="true">

<%-- Save the timestamp in the form --%>
<input type="HIDDEN" name="timestamp" value="<%= timestamp %>">
</form>

</body>
</html>
<%!
// Define error messages
java.util.Map errorMap = new java.util.HashMap();
public void jspInit() {
errorMap.put(MyForm.ERR_EMAIL_ENTER, "Please enter an email address");
errorMap.put(MyForm.ERR_EMAIL_INVALID, "The email address is not valid");
errorMap.put(MyForm.ERR_ZIPCODE_ENTER, "Please enter a zipcode");
errorMap.put(MyForm.ERR_ZIPCODE_INVALID, "The zipcode must be 5 digits");
errorMap.put(MyForm.ERR_ZIPCODE_NUM_ONLY, "The zipcode must contain only digits");
}
%>
(653 vote(s))
Helpful
Not helpful

Comments (0)