首页 > 代码库 > 10-客户端防表单重复提交和服务器端session防表单重复提交
10-客户端防表单重复提交和服务器端session防表单重复提交
/****************************************************DoFormServlet********************************************************/
package session;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class DoFormServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
/*String name = request.getParameter("user");
try {
Thread.sleep(1000*3);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//模拟向数据库注册用户
System.out.println("向数据库注册用户");*/
boolean b = isTokenValid(request);
if(!b){
System.out.println("请不要重复提交");
return;
}
//在向数据库中提交之前要remove掉表单号
request.getSession().removeAttribute("token");
System.out.println("向数据库注册用户");
}
//判断表单号是否有效
private boolean isTokenValid(HttpServletRequest request) {
//得到客户机带过来的表单号
String clientToken = request.getParameter("token");
//判断客户机是否带表单号过来
//如果没带过来,我也认为你是重复提交
if(clientToken==null){
return false;
}
//判断服务器里有没有表单号
String serverToken = (String) request.getSession().getAttribute("token");
//服务端里如果没有的话,也不行
if(serverToken == null){
return false;
}
//客户端和服务端不想等的话也不行
if(!clientToken.equals(serverToken)){
return false;
}
return true;
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}
/*********************************************************************************form.jsp***********************************************/
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="/day07/DoFormServlet" method="post">
<input type="hidden" name="token" value="http://www.mamicode.com/${token}">
用户名:<input type="text" name="username"><br>
<input type="submit" value="http://www.mamicode.com/提交">
</form>
</body>
</html>
/****************************************************************DoFormServlet**************************************************************/
package session;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class DoFormServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
/*String name = request.getParameter("user");
try {
Thread.sleep(1000*3);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//模拟向数据库注册用户
System.out.println("向数据库注册用户");*/
boolean b = isTokenValid(request);
if(!b){
System.out.println("请不要重复提交");
return;
}
//在向数据库中提交之前要remove掉表单号
request.getSession().removeAttribute("token");
System.out.println("向数据库注册用户");
}
//判断表单号是否有效
private boolean isTokenValid(HttpServletRequest request) {
//得到客户机带过来的表单号
String clientToken = request.getParameter("token");
//判断客户机是否带表单号过来
//如果没带过来,我也认为你是重复提交
if(clientToken==null){
return false;
}
//判断服务器里有没有表单号
String serverToken = (String) request.getSession().getAttribute("token");
//服务端里如果没有的话,也不行
if(serverToken == null){
return false;
}
//客户端和服务端不想等的话也不行
if(!clientToken.equals(serverToken)){
return false;
}
return true;
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}