session防止表单重复提交

(1)包含有Form表单得页面必须通过一个服务器程序动态生成,服务器程序为每次产生得页面中的form表单都分配一个唯一得随机标识号,并在form表单得一个隐藏域 保存

(2)当用户提交form得时候,负责接受这一请求得服务器程序比较form表单隐藏字段中的标识号与存贮在session中的是否相同,当下列情情况时候,服务器程序将忽略提交请求:

a.当前用户session不存在表单标识
b.用户提交得表单数据并没有标识号字段
c.存贮在当前用户的session中得标识号与表单数据中的不同

  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  2. <html>
  3. <head>
  4. <title>RepeateForm.html</title>
  6. <metahttp-equiv="keywords"content="keyword1,keyword2,keyword3">
  7. <metahttp-equiv="description"content="this is my page">
  8. <metahttp-equiv="content-type"content="text/html; charset=UTF-8">
  10. <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
  11. <scripttype="text/javascript">
  12. var iscommitted = false;
  13. function checkPost(){
  14. if(!iscommitted){
  15. document.getElementById("sub").disabled =turn;
  16. iscimmitted = turn;
  17. return trun;
  18. }else{
  19. // alert("不能重复提交表单!");
  20. return false;
  21. }
  22. }
  23. </script>
  24. </head>
  26. <body>
  27. <formaction="/BookHistory/serlevt/RepeateFormServlet"method="poss"onsubmit="return checkPost()">
  28. 用户名:<inputtype="text"name="username"/><br>
  29. <inputtype="submit"value="提交"id="sub"/>
  30. </form>
  32. </body>
  33. </html>
  38. package com.hbsi.servlet;
  40. import java.io.IOException;
  41. import java.io.PrintWriter;
  43. import javax.servlet.ServletException;
  44. import javax.servlet.http.HttpServlet;
  45. import javax.servlet.http.HttpServletRequest;
  46. import javax.servlet.http.HttpServletResponse;
  48. public class FormDealServlet extends HttpServlet {
  51. public void doGet(HttpServletRequest request, HttpServletResponse response)
  52. throws ServletException, IOException {
  53. /* String client_token = request.getParameter("token");
  55. if(client_token==null){
  56. return false;*/
  57. boolean b = isTokenValidate(request);
  58. if(!b){
  59. System.out.print("请不要重复提交");
  60. return;
  61. }
  62. request.getSession().removeAttribute("token");
  63. System.out.print("项数据库注册用户信息。。。");
  65. }
  69. private boolean isTokenValidate(HttpServletRequest request){
  70. String client_token = request.getParameter("token");
  72. if(client_token==null){
  73. return false;
  75. }
  76. String server_token=(String) request.getSession().getAttribute("token");
  77. if(server_token==null){
  78. return false;
  80. }
  81. if(!client_token.equals(server_token)){
  82. return false;
  83. }
  84. return true;
  85. }
  87. public void doPost(HttpServletRequest request, HttpServletResponse response)
  88. throws ServletException, IOException {
  90. }
  93. }
  96. package com.hbsi.servlet;
  98. import java.io.IOException;
  99. import java.io.PrintWriter;
  101. import javax.servlet.ServletException;
  102. import javax.servlet.http.HttpServlet;
  103. import javax.servlet.http.HttpServletRequest;
  104. import javax.servlet.http.HttpServletResponse;
  106. public class ForeGenerateServlet extends HttpServlet {
  108. public void doGet(HttpServletRequest request, HttpServletResponse response)
  109. throws ServletException, IOException {
  110. response.setContentType("text/heml;charset=UTF-8");
  111. PrintWriter out = response.getWriter();
  112. //产生表单号
  113. TokenProcessor tp = TokenProcessor.getInstance();
  114. String token= tp.generateToken();
  115. request.getSession().setAttribute("token", token);
  117. out.print("<formaction='/BookHistory/servlet/FormDealServlet'method='post'/>");
  118. out.print("<inputtype='hidden'name='token'value='"+token+"'/>");
  119. out.print("用户名:<inputtype='text'name='username'/>");
  120. out.print("<inputtype='submit'value='提交'/>");
  121. out.print("</form>");
  124. }
  127. public void doPost(HttpServletRequest request, HttpServletResponse response)
  128. throws ServletException, IOException {
  131. }
  135. }
  138. package com.hbsi.servlet;
  140. import java.security.MessageDigest;
  141. import java.security.NoSuchAlgorithmException;
  142. import java.util.Random;
  144. import sun.misc.BASE64Encoder;
  146. public class TokenProcessor {
  147. private TokenProcessor(){
  149. }
  151. private static final TokenProcessor instance=new TokenProcessor();
  153. public static TokenProcessor getInstance(){
  154. return instance;
  155. }
  156. public String generateToken(){
  157. int i= new Random().nextInt();
  158. String token= System.currentTimeMillis()+i+"";
  159. try {
  160. MessageDigest md=MessageDigest.getInstance("md5");
  162. byte[]md5 = md.digest(token.getBytes());
  164. //base64编码
  165. BASE64Encoder encoder = new BASE64Encoder();
  166. encoder.encode(md5);
  168. //return new String(md5);
  170. } catch (NoSuchAlgorithmException e) {
  171. // TODO Auto-generated catch block
  172. //e.printStackTrace();
  173. throw new RuntimeException(e);
  174. }
  175. return null;
  176. }
  180. }
  184. package com.hbsi.servlet;
  186. import java.io.IOException;
  187. import java.io.PrintWriter;
  189. import javax.servlet.ServletException;
  190. import javax.servlet.http.HttpServlet;
  191. import javax.servlet.http.HttpServletRequest;
  192. import javax.servlet.http.HttpServletResponse;
  194. public class RepeateFormServlet extends HttpServlet {
  196. public void doGet(HttpServletRequest request, HttpServletResponse response)
  197. throws ServletException, IOException {
  198. response.setContentType("text/html;charset=UTF-8");
  199. PrintWriter out = response.getWriter();
  201. String username = request.getParameter("username");
  203. try {
  204. Thread.sleep(5*1000);
  205. } catch (InterruptedException e) {
  206. // TODO Auto-generated catch block
  207. e.printStackTrace();
  208. }
  209. out.print("以处理你的信息");
  210. System.out.println("向数据库注册信息……");
  213. }
  216. public void doPost(HttpServletRequest request, HttpServletResponse response)
  217. throws ServletException, IOException {
  218. doGet(request,response);
  221. }
  224. }
posted @ 2012-11-07 11:37  温诗袀  阅读(154)  评论(0编辑  收藏  举报