参见英文答案 > How do you prevent a user from posting data multiple times on a website                                    7个
我有一个弹出窗口,其中有两个onclick方法,如“Submit”和“discard”.

当我单击提交两次时,它会插入两条记录,这意味着重复记录.

我怎么能避免这个？

解决方法:

防止双重提交是一个常见问题.

即使有很多解决方案,因为你已经标记了它struts2,框架提供了两种开箱即用的方式来处理双重提交：

> Token Interceptor

它返回一个invalid.token结果,例如,可以映射到错误：

Ensures that only one request per token is processed. This interceptor can make sure that back buttons and double clicks don’t cause un-intended side affects. For example, you can use this to prevent careless users who might double click on a “checkout” button at an online store. This interceptor uses a fairly primitive technique for when an invalid token is found: it returns the result invalid.token, which can be mapped in your action configuration. A more complex implementation, TokenSessionStoreInterceptor, can provide much better logic for when invalid tokens are found.

Note: To set a token in your form, you should use the token tag. This tag is required and must be used in the forms that submit to actions protected by this interceptor. Any request that does not provide a token (using the token tag) will be processed as a request with an invalid token.

> Token Session Interceptor

它构建了令牌拦截器,但具有更高级和用户友好的行为,这正是您所需要的：在双表单提交的情况下,它呈现第一个有效请求的结果,同时静默吞下第二个(以及随后的请求：

This interceptor builds off of the TokenInterceptor, providing advanced logic for handling invalid tokens. Unlike the normal token interceptor, this interceptor will attempt to provide intelligent fail-over in the event of multiple requests using the same session. That is, it will block subsequent requests until the first request is complete, and then instead of returning the invalid.token code, it will attempt to display the same response that the original, valid action invocation would have displayed if no multiple requests were submitted in the first place.

重要！

值得注意的是,exactly like for the Validation,像这样的服务器端解决方案应该是强制性的,而像仅使用Javascript禁用提交按钮的客户端解决方案是不够的.如果用户使用Firebug重新启用按钮怎么办？如果他/她使用Javascript伪造请求怎么办？如果我在我的银行网站上并尝试两次发送请求(例如现金转账),那么它只需处理一次就至关重要.

然后使用服务器端解决方案,如果你真的想要,还要添加一个客户端保护…请记住,你需要仔细检查每个可能的情况,不要在你的页面中以一个禁用的按钮结束由于无法预料的结果,请求已结束(特别是ajax,您已标记).