23

What's the best way of avoiding duplicate form submission in Spring. Does this framework provide any special feature to handle this problem (for example as the Synchronizer Token in Struts)?

Nidhish Krishnan
  • 20,593
  • 6
  • 63
  • 76
Javi
  • 19,387
  • 30
  • 102
  • 135
  • 1
    This is not specific to any framework, but you can prevent duplicate submission with jQuery. http://stackoverflow.com/questions/2830542/prevent-double-submission-of-forms-in-jquery/4473801#4473801 – Nathan Long Jan 25 '11 at 15:40

3 Answers3

39

There are different ways to avoid double submits, which can be combined:

  1. Use JavaScript to disable the button a few ms after click. This will avoid multiple submits being caused by impatient users clicking multiple times on the button.

  2. Send a redirect after submit, this is known as Post-Redirect-Get (PRG) pattern. This will avoid multiple submits being caused by users pressing F5 on the result page and ignoring the browser warning that the data will be resend, or navigating back and forth by browser back/forward buttons and ignoring the same warning.

  3. Generate an unique token when the page is requested and put in both the session scope and as hidden field of the form. During processing, check if the token is there and then remove it immediately from the session and continue processing. If the token is not there, then block processing. This will avoid the aforementioned kinds of problems.

In Spring you can use RedirectView as implementation of the PRG pattern (as described in point 2). The other two points needs to be implemented yourself.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • 1
    Hi I applied PRG pattern. it works fine. but i need to pass a message to Get method like "User Id 1001 created successfully". for that i have a controller class level variable that will set its value at post method and will get it at GET method. This will create problem for concurrent user. How can i avoid this issue? – Dhrumil Shah Oct 05 '11 at 07:23
  • 1
    @Dhrumil: Store it in the session or a cookie instead. – BalusC Jun 06 '12 at 12:16
  • no its takes some more processing time.. instead of our manual coding framework should provide some feature like Tokens that Struts2.0 provides default. – Dhrumil Shah Jun 07 '12 at 10:48
  • +1 for such a great answer – kakabali Aug 01 '13 at 02:43
  • Just for reference Struts uses the 3rd solution (http://dev.anyframejava.org/docs.en/anyframe/plugin/optional/struts/1.0.0/reference/html/ch10.html) – Mike Argyriou Aug 22 '14 at 07:14
  • @BalusC What about another similar approach related to point C. Generate an unique token when the page is requested and put as hidden field of the form. Now in web filter put it in session in finally block remove it. In the mean time if you get same token from request ,if it is there in session reject. The only difference is we don't have to store the token in advance . Instead we will store it when it is required like in post request – M Sach Sep 28 '16 at 05:59
5

this page seems to answer your question (for the token issue, I mean. The javascript and post-redirect-get parts of the question aren't covered here):

http://explodingjava.blogspot.com/2009/03/spring-mvc-synchronizer-token.html

bharal
  • 15,461
  • 36
  • 117
  • 195
4

Just do a redirect after post. After a form submission is successful, when returning your ModelAndView make sure the View is a RedirectView. From the user's POV, they submit the form, and then are redirected to make a "GET" to another URL. This way they won't double submit.

Note that when using a Redirect View, Model Attributes get exposed in the URL as the parameters. So you might want to keep the attributes as thin as possible. What I typically do is show the user a page that doesn't really contain any unique information, just a "confirm" message.

bpapa
  • 21,409
  • 25
  • 99
  • 147