You can use the xxxTokenxxx() methods in Struts actions to control
abnormal application navigation. The Struts framework prevents duplicate
order posting as follows:
- The framework sets a token in a session variable
before returning a transactional page to the HTML client. This page carries
the token inside a hidden field.
- Upon submission, the request processor checks for a valid
token in the request parameter by comparing it with the one registered
in the session. If the token is valid, processing continues; otherwise
an alternate action is taken.
- After the check, the token is reset to null to prevent subsequent submissions
until a new token is saved in the session, which must be done at the appropriate
time based on the desired application flow of control. The privilege of submitting
data is given to only one specific instance of a view.
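
The three steps above in a single action class, as an added example that is not code from the original page. It assumes the Struts 1.x (1.2 or later) `Action` API, a `DispatchAction` mapping with a `parameter` attribute, and a form page rendered with `<html:form>`, which emits the hidden token field. The class name, forward names, message key and request attribute are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.apache.struts.actions.DispatchAction;

// Hypothetical order flow: "showForm" renders the page, "submit" receives the post.
public class OrderAction extends DispatchAction {

    // Step 1: register a fresh token in the session before returning the
    // transactional page. The page carries the same value in a hidden field.
    public ActionForward showForm(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        saveToken(request);
        return mapping.findForward("orderForm"); // assumed forward name
    }

    // Steps 2 and 3: compare the request token with the session token and
    // reset the session token in the same call (second argument = true),
    // so a resubmission of this page finds no token to match.
    public ActionForward submit(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        if (!isTokenValid(request, true)) {
            // Alternate action: missing, stale or already-used token.
            ActionMessages errors = new ActionMessages();
            errors.add(ActionMessages.GLOBAL_MESSAGE,
                    new ActionMessage("error.duplicate.submit")); // assumed key
            saveErrors(request, errors);
            return mapping.findForward("duplicate"); // assumed forward name
        }

        // The application's order processing runs here, once per issued token.
        // A request attribute stands in for it in this example.
        request.setAttribute("orderAccepted", Boolean.TRUE);

        // No saveToken() here: the confirmation view is not allowed to submit.
        // A further order requires going through showForm again.
        return mapping.findForward("confirmation"); // assumed forward name
    }
}
```

Using the Back button to resubmit, or double-clicking the submit button, sends the same hidden value a second time; the session token is already null by then, so `submit` takes the alternate branch.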