session防止表单重复提交
(1)包含有Form表单的页面必须通过一个服务器程序动态生成,服务器程序为每次产生的页面中的form表单都分配一个唯一的随机标识号,并在form表单的一个隐藏域中保存该标识号,同时把它保存在当前用户的session中
(2)当用户提交form的时候,负责接受这一请求的服务器程序比较form表单隐藏字段中的标识号与存贮在session中的标识号是否相同,出现下列情况时,服务器程序将忽略提交请求:
a.当前用户session不存在表单标识
b.用户提交的表单数据并没有标识号字段
c.存贮在当前用户的session中的标识号与表单数据中的不同
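<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>RepeateForm.html</title>
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="this is my page">
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
    <script type="text/javascript">
      // Client-side guard against an accidental double click. It only lives
      // for this page load and runs in the browser, so it is a usability aid,
      // not a control: the server still has to verify a one-time token held
      // in the session before it acts on the submission.
      var iscommitted = false;

      // onsubmit handler: lets the first submission through and blocks the rest.
      function checkPost() {
        if (!iscommitted) {
          // Grey out the button so the user can see the click was taken.
          document.getElementById("sub").disabled = true;
          iscommitted = true;
          return true;
        } else {
          // Already submitted once: cancel this submission silently.
          return false;
        }
      }
    </script>
  </head>
  <body>
    <form action="/BookHistory/servlet/RepeateFormServlet" method="post" onsubmit="return checkPost()">
      用户名:<input type="text" name="username"/><br>
      <input type="submit" value="提交" id="sub"/>
    </form>
  </body>
</html>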
- package com.hbsi.servlet;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
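/**
 * Receives the token-protected form and processes it at most once per issued token.
 *
 * <p>The form is rendered with {@code method='post'}, so the check has to run for
 * POST as well as GET; both entry points go through the same handler.
 */
public class FormDealServlet extends HttpServlet {

    /** Name shared by the hidden form field and the session attribute holding the token. */
    private static final String TOKEN_KEY = "token";

    /**
     * Processes a submission sent with GET.
     *
     * <p>NOTE(review): GET is kept only for backward compatibility. A request that
     * changes state is better accepted on POST alone.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        handleSubmit(request);
    }

    /** Processes a submission sent with POST, the method the generated form uses. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        handleSubmit(request);
    }

    /** Runs the registration step only when the one-time token was valid and has been consumed. */
    private void handleSubmit(HttpServletRequest request) {
        if (!isTokenValidate(request)) {
            System.out.print("请不要重复提交");
            return;
        }
        System.out.print("项数据库注册用户信息。。。");
    }

    /**
     * Checks the submitted token against the session copy and consumes it on a match.
     *
     * <p>The comparison and the removal happen under one lock, so two requests that
     * carry the same token and arrive together cannot both pass.
     *
     * @param request the incoming form submission
     * @return {@code true} only if the request carried a token, a session already
     *         existed, and the session token equalled the submitted one
     */
    private boolean isTokenValidate(HttpServletRequest request) {
        String clientToken = request.getParameter(TOKEN_KEY);
        if (clientToken == null) {
            return false;
        }
        // getSession(false): a request without a session cannot hold a token, and
        // creating one here would only allocate server state for nothing.
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        // NOTE(review): locking on the session object relies on the container handing
        // the same instance to concurrent requests; confirm for the container in use,
        // or keep a dedicated lock object in the session.
        synchronized (session) {
            Object serverToken = session.getAttribute(TOKEN_KEY);
            // equals() on the non-null client value also covers a missing session token.
            if (!clientToken.equals(serverToken)) {
                return false;
            }
            session.removeAttribute(TOKEN_KEY);
            return true;
        }
    }
}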
- package com.hbsi.servlet;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
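/**
 * Renders the registration form and plants a fresh one-time token in it.
 *
 * <p>The same token is stored in the session under {@code "token"} so that the
 * servlet receiving the form can compare the two values.
 */
public class ForeGenerateServlet extends HttpServlet {

    /**
     * Writes the form, including the hidden token field, to the response.
     *
     * <p>NOTE(review): a single session attribute is used, so opening the form in a
     * second tab replaces the token issued to the first one.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Issue the form token and remember it server-side before the page is sent.
        String token = TokenProcessor.getInstance().generateToken();
        request.getSession().setAttribute("token", token);

        out.print("<form action='/BookHistory/servlet/FormDealServlet' method='post'>");
        // The token is written into a quoted attribute without escaping, so the
        // generator must only emit characters that are safe there (TODO confirm).
        out.print("<input type='hidden' name='token' value='" + token + "'/>");
        out.print("用户名:<input type='text' name='username'/>");
        out.print("<input type='submit' value='提交'/>");
        out.print("</form>");
    }

    /** Intentionally empty: the form is only produced in response to GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }
}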
- package com.hbsi.servlet;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import sun.misc.BASE64Encoder;
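/**
 * Singleton that issues the one-time tokens embedded in generated forms.
 *
 * <p>Tokens are 128 random bits from {@link SecureRandom}, written as 32 lowercase
 * hex characters. A value derived from the clock and {@code java.util.Random} can
 * be guessed, and hashing it with MD5 does not make it any less guessable.
 */
public class TokenProcessor {

    /** Number of random bytes per token (128 bits). */
    private static final int TOKEN_BYTES = 16;

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Shared generator; SecureRandom may be used from several threads. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private static final TokenProcessor instance = new TokenProcessor();

    private TokenProcessor() {
    }

    /**
     * Returns the single shared instance.
     *
     * @return the process-wide {@code TokenProcessor}
     */
    public static TokenProcessor getInstance() {
        return instance;
    }

    /**
     * Generates a new unpredictable token.
     *
     * @return a non-null string of 32 characters in {@code [0-9a-f]}, safe to place
     *         in an HTML attribute or a URL without further encoding
     */
    public String generateToken() {
        byte[] raw = new byte[TOKEN_BYTES];
        RANDOM.nextBytes(raw);

        // Hex keeps the output to characters that need no escaping and avoids the
        // JDK-internal sun.misc encoder.
        char[] hex = new char[raw.length * 2];
        for (int i = 0; i < raw.length; i++) {
            int value = raw[i] & 0xFF;
            hex[2 * i] = HEX[value >>> 4];
            hex[2 * i + 1] = HEX[value & 0x0F];
        }
        return new String(hex);
    }
}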
- package com.hbsi.servlet;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
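/**
 * Target of the JavaScript-guarded form; simulates a slow registration.
 *
 * <p>This servlet performs no duplicate check of its own. The only guard is the
 * script in the page, so a repeated request is processed again here.
 */
public class RepeateFormServlet extends HttpServlet {

    /** Simulated processing time, long enough for a user to click submit twice. */
    private static final long PROCESSING_DELAY_MS = 5 * 1000;

    /**
     * Waits for the simulated delay, then acknowledges the submission.
     *
     * @param request  the form submission
     * @param response receives the acknowledgement text
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            Thread.sleep(PROCESSING_DELAY_MS);
        } catch (InterruptedException e) {
            // Restore the flag so the container can still see the interruption;
            // the request is then finished without waiting any longer.
            Thread.currentThread().interrupt();
        }
        out.print("以处理你的信息");
        System.out.println("向数据库注册信息……");
    }

    /** Handles POST exactly like GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}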