Preventing Duplicate Form Submission in a Servlet (Simple Token Approach)
Author: Internet
How the simple token works
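When the user clicks the submit button on the page, the data is sent to the back end; if the user then refreshes the page, the same data is submitted again.
To prevent this, JavaScript converts the current time at the moment of submission into a time string and sends it to the back end together with the form. The back end compares this value with the time stored in its session. On the first submission the session holds no time yet, so the submission is processed. On a second submission, the time string sent by the front end is compared with the one stored in the session by the first submission: if they differ, the request is not a duplicate and is processed; if they are the same, the request is a duplicate, so it is not processed and the user is returned to the original page.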
Implementation
-- Front-end code
<%@ page language="java" import="java.util.*" pageEncoding="GB18030"%>
<%@page import="com.xiaofu.db.model._MessageBox"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <base href="<%=basePath%>">
    <title>My JSP 'welcome.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
</head>
<script type="text/javascript" language="javascript">
    var d,hms;
    function notAcc(){
        d = new Date();
        hms = d.getTime();
        var urlaction = document.getElementById("mt").action;
        // Append the submit time as the "times" parameter that the servlet reads
        document.getElementById("mt").action = urlaction+"&times="+hms;
        return true;
    }
</script>
<body>
    <%-- c:out HTML-escapes user-supplied text before it is written into the page --%>
    <h1>欢迎<c:out value='<%=request.getAttribute("user")%>'/>登录留言板</h1>
    <hr/>
    <table border="1">
        <tr><td>留言人</td><td>留言时间</td><td>留言信息</td></tr>
        <%
            // Message list placed in the request by MessCon (type=1)
            ArrayList<_MessageBox> almb = (ArrayList<_MessageBox>)request.getAttribute("almb");
            for(_MessageBox mb:almb){
        %>
        <tr><td><c:out value="<%=mb.getSs().getName()%>"/></td><td><%=mb.getMbTime()%></td><td><c:out value="<%=mb.getMbMess()%>"/></td></tr>
        <%
            }
        %>
    </table>
    <hr/>
    <form action="MessCon?type=2" method="post" id="mt">
        <input type="hidden" value="<c:out value='<%=request.getAttribute("user")%>'/>" name="user"/>
        <table>
            <tr><td><textarea name="AddMess" style="width: 250px;height: 100px;"></textarea></td></tr>
            <tr><td><input type="submit" value="提交" onclick="notAcc()"/><input type="reset" value="提交"/></td></tr>
        </table>
    </form>
</body>
</html>
-- Back-end code
package com.xiaofu.db.control;

import java.io.IOException;
import java.sql.SQLException;
import java.util.ArrayList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.xiaofu.db.dao.MessageBoxDAO;
import com.xiaofu.db.model._MessageBox;

public class MessCon extends HttpServlet{
    // One servlet instance serves all request threads, so per-request state
    // (type, message list, duplicate flag) is kept in local variables.
    private MessageBoxDAO mbDAO = null;

    // Initialization
    public void init(){
        mbDAO = new MessageBoxDAO();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String strType = req.getParameter("type");
        switch (Integer.valueOf(strType)) {
        /* 1: at login, fetch all messages */
        case 1:
            getAllMess(req,res);
            break;
        /* 2: add a new message */
        case 2:
            setNesMess(req,res);
            break;
        default:
            break;
        }
    }

    private void setNesMess(HttpServletRequest req, HttpServletResponse res) {
        try {
            /* Token check */
            HttpSession session = req.getSession();
            String times = req.getParameter("times");
            boolean pdCF; // true: not a duplicate, the message may be inserted
            if(session.getAttribute("time")!=null){
                if(!session.getAttribute("time").equals(times)){
                    System.out.println("session里面有值,但是和传递过来的time不相等");
                    pdCF = true;
                }else{
                    System.out.println("你正在刷新重复提交");
                    pdCF = false;
                }
            }else{
                System.out.println("session 为空"); /* empty means this is the first submission */
                pdCF = true;
            }
            // Remember the submitted time string for the next comparison
            session.setAttribute("time", times);
            /* Insert or skip depending on whether pdCF is true or false */
            if(pdCF && req.getParameter("AddMess")!=null&&req.getParameter("AddMess").length()>0){
                mbDAO.doInsertMessage(req.getParameter("user"), req.getParameter("AddMess"));
            }
            // Either way, return to the message list
            req.setAttribute("user", req.getParameter("user"));
            req.getRequestDispatcher("MessCon?type=1").forward(req, res);
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (ServletException e) {
            e.printStackTrace();
        }
    }

    private void getAllMess(HttpServletRequest req, HttpServletResponse res) {
        try {
            ArrayList<_MessageBox> almb = mbDAO.getAllMessage();
            req.setAttribute("user", req.getAttribute("user"));
            req.setAttribute("almb", almb);
            req.getRequestDispatcher("welcome.jsp").forward(req, res);
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (ServletException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        this.doGet(req, res);
    }
}
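
The time string above is chosen by the client, and the servlet compares and then stores it in separate steps, so a request that omits or changes the times parameter is accepted and two simultaneous copies of one request can both pass. The following added example (not part of the original article) goes one step further than the article's scheme: the server issues a random token when it renders the form and consumes it exactly once on submit. The class name, the submitToken key and the ConcurrentHashMap standing in for the session attributes are assumptions made so that it runs without a servlet container.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: server-issued one-time submit token (not the article's code). */
public class SubmitTokenDemo {
    private static final String KEY = "submitToken"; // hypothetical session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    /** Call while rendering the form; the result goes into a hidden field. */
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token;
    }

    /** Call on submit; true only for the first request that carries the issued token. */
    static boolean consume(Map<String, Object> session, String submitted) {
        if (submitted == null) {
            return false; // a missing token is never accepted
        }
        // remove(key, value) is atomic on ConcurrentHashMap: of two concurrent
        // requests with the same token, exactly one gets true.
        return session.remove(KEY, submitted);
    }

    public static void main(String[] args) {
        // Stand-in for the HttpSession attributes (assumption, see lead-in).
        Map<String, Object> session = new ConcurrentHashMap<>();

        String token = issue(session);
        System.out.println("first submit:   " + consume(session, token));
        System.out.println("refresh/replay: " + consume(session, token));
        System.out.println("missing token:  " + consume(session, null));

        issue(session); // form rendered again, new token issued
        String clientChosen = String.valueOf(System.currentTimeMillis());
        System.out.println("client-chosen:  " + consume(session, clientChosen));
    }
}
```

HttpSession has no atomic compare-and-remove, so in a servlet the getAttribute/removeAttribute pair has to run under a lock to keep the same guarantee.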
Source: https://blog.51cto.com/u_14943622/2838970