标签:
客户端防止表单重复提交:
不足之处:用户单击”刷新”,或单击”后退”再次提交表单,将导致表单重复提交
<script type="text/javascript"> //方式一 var iscommitted = false; function dosubmit(){ if(!iscommitted){ iscommitted = true; return true; }else{ return false; } } //方式二 function dosubmit(){ document.getElementById("submit").disabled = ‘disabled‘; return true; } </script>
服务器端防止表单重复提交
原理:表单不能用html方式来做,表单页面要由servlet程序生成,servlet为每次产生的表单页面分配一个唯一的随机标识号,并在FORM表单的一个隐藏字段中设置这个标识号,同时在当前用户的Session域中保存这个标识号。
当用户提交FORM表单时,负责处理表单提交的serlvet得到表单提交的标识号,并与session中存储的标识号比较,如果相同则处理表单提交,处理完后清除当前用户的Session域中存储的标识号。
在下列情况下,服务器程序将拒绝用户提交的表单请求:
1. 存储Session域中的表单标识号与表单提交的标识号不同
2. 当前用户的Session中不存在表单标识号
3. 用户提交的表单数据中没有标识号字段
//产生表单 public class FormServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); response.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); String token = TokenProcessor.getInstance().generateToken(); request.getSession().setAttribute("token", token); out.print("<form action=‘/day07/servlet/FormSubmitServlet‘ method=‘post‘>"); out.print("<input type=‘hidden‘ name=‘token‘ value=‘"+token+"‘>"); out.print("<input type=‘text‘ name=‘username‘>"); out.print("<input type=‘submit‘ value=‘提交‘>"); out.print("</form>"); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } } class TokenProcessor{ //工具类产生表单标识号 //1. 把构造方法私有 //2. 自己产生一个类的对象 //3. 定义一个方法返回上面产生的对象 private TokenProcessor(){}; public static final TokenProcessor instance = new TokenProcessor(); public static TokenProcessor getInstance(){ return instance; } public String generateToken(){ //3843849384 9849238402840243802 983434 String token = System.currentTimeMillis() + "" + new Random().nextInt(99999999); //数据指纹 数据摘要 md5 try { MessageDigest md = MessageDigest.getInstance("md5"); byte md5[] = md.digest(token.getBytes()); //128位 16【12,23,34,544543543543,】 //base64编码 SABDSSDSD BASE64Encoder encoder = new BASE64Encoder(); return encoder.encode(md5); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } }
public class FormSubmitServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { boolean b = isToken(request); if(!b){ //用户带过来的令牌无效,阻止提交 System.out.println("你是重复提交!!"); return; } //用户带过来的令牌有效,处理提交 request.getSession().removeAttribute("token"); String username = request.getParameter("username"); //把用户提交的数据保存到数据库中 System.out.println("处理提交请求,把" + username + "保存到数库中!!"); } //判断用户带过来的令牌是否有效 private synchronized boolean isToken(HttpServletRequest request) { String client_token = request.getParameter("token"); if(client_token==null){ return false; } String server_token = (String) request.getSession().getAttribute("token"); if(server_token==null){ return false; } if(!client_token.equals(server_token)){ return false; } return true; } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
标签:
原文地址:http://www.cnblogs.com/lxboy2009/p/5944134.html