表单重复提交问题
一、常见的重复提交问题
a>点击提交按钮两次。
b>点击刷新按钮。
c>使用浏览器后退按钮重复之前的操作,导致重复提交表单。
d>使用浏览器历史记录重复提交表单。
e>浏览器重复的HTTP请求。
二、防止表单重复提交原理
提交表单的时候提交一份随机的字符串或随机数字等等,再把这个随机的数据存到request里面,然后把表单数据提交,在后台验证的时候判断提交的这两份额外的数据是否一致,如果一致,则把其中一份删除掉,这么做的目的是防止再次提交,继续进行操作,如果不一致,则返回一个响应的页面进行提示!
三、代码
项目目录
login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>表单重复提交问题</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<%
String tokenValue = new Date().getTime() + "";
%>
</head>
<body>
表单重复提交问题<hr>
<form action="<%=path %>/tokenServlet" method="post">
username :<input type="text" name="username" /><br>
password :<input type="password" type="password" size="20"/><br>
<input type="hidden" name="token" value="<%=tokenValue%>" />
<%
session.setAttribute("token", tokenValue);
%>
<input type="submit" value="登录">
</form>
</body>
</html>
success.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
登陆成功,欢迎您,<%=request.getAttribute("username") %>
</body>
</html>
token.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
请不要重复提交表单数据!<br>
</body>
</html>
TokenServlet.java
public class TokenServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
}public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
Object token = session.getAttribute("token"); //session中的token
String tokenValue = request.getParameter("token"); //表单提交的隐藏数据token
System.out.println(token); //第二次进来的时候这个会输出null
System.out.println(tokenValue);
if(token != null && token.equals(tokenValue)){ //第一次进来符合,把数据移除,第二次进来不符合
session.removeAttribute("token");
}else {
response.sendRedirect(request.getContextPath() + "/token/token.jsp"); //请求转发
return ;
}
String username = request.getParameter("username");
request.setAttribute("username", username);
System.out.println("username = " + username);
request.getRequestDispatcher("/token/success.jsp").forward(request, response); //请求转 发
// response.sendRedirect(request.getContextPath() + "/token/success.jsp"); //请求重定向}
}
http://127.0.0.1:8080/tokenServlet
