
I have multiple JSP web pages, and for the resubmit on refresh I use `response.sendRedirect("blabla.jsp")`. One page works well, but on another page, when I press submit, it goes to a blank page and the row is added to the database. Is there any solution for this problem? Thank you.

```jsp
<% String UC1 = "INIT";

    if (request.getParameter("add_spec") != null) {
        UC1 = "ADD_SPEC";
    }
    if (UC1.equals("INIT")) {
        List<Speciality> specs = SpecialityController.INSTANCE.findAll();
%>

<%@include file="./WEB-INF/Add_Spec.jspf" %>
<%@include file="./WEB-INF/view_all_specs.jspf" %>
<%  }
    if (UC1.equals("ADD_SPEC")) {
        String spec = request.getParameter("speciality");

        SpecialityController.INSTANCE.create(new Speciality(spec));
        List<Speciality> specs = SpecialityController.INSTANCE.findAll();
        response.sendRedirect("main_admin.jsp");
%>

<%@include file="./WEB-INF/Add_Spec.jspf" %>
<%@include file="./WEB-INF/view_all_specs.jspf" %>
<%  }
%>
```

  • Normally you don't want a browser refresh to impact again on your application. Is this what you are asking and wanting? – Juan May 21 '18 at 20:03
  • I'm talking about if I don't put sendRedirect() and add from a web page to the database: after the submit action, if I refresh the page, it will resend the submission again. – Oubayda Samrouth May 21 '18 at 20:08
  • To protect against data being sent twice, google for how to implement a nonce in the form. – Juan May 21 '18 at 20:12
  • I'm using *JSP*; is it possible to do that? – Oubayda Samrouth May 21 '18 at 20:38
  • The idea is to generate a random token each time the page with the form is rendered. The token is stored in the session, and also included in the form as a hidden input. When the page is submitted the token in the session is compared to the one submitted in the hidden input. If they are the same the form is to be processed, and the token removed from the session. Otherwise, if the token doesn't exist in the session or if it is different, then an old or spoofed form was submitted, and has to be ignored. – Juan May 21 '18 at 21:53

1 Answer


You can use the Post/Redirect/Get pattern.

When a web form is submitted to a server through an HTTP POST request, a web user that attempts to refresh the server response in certain user agents can cause the contents of the original POST request to be resubmitted, possibly causing undesired results, such as a duplicate web purchase. To avoid this problem, many web developers use the PRG pattern - instead of returning a web page directly, the POST operation returns a redirection command.

In other words, when you submit the data, you should redirect to the page on which you can view (get) the data you've just added.

That way, refreshing will not resubmit the data.

Alternatively, you could use a CSRF/XSRF-like token.

Though this example is in PHP, you should understand the gist of it.

Update

Even better, you can check out this example for CSRF https://services.teammentor.net/article/00000000-0000-0000-0000-000000040a2e

TwiN