struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <erikwe...@mindspring.com>
Subject Re: Need a synchronizer token
Date Mon, 26 Jul 2004 06:25:30 GMT
Thanks, Kataria. But, after looking at these methods, I'm still not sure 
how you set the hidden field in the form. For example, what name do you 
use for the parameter? Or is this handled by a Struts tag?

Erik



Kataria, Satish wrote:

>Refer to the documentation of the action class. It has savetoken() &
>istokenvalid() method to implement the synchronizer token patter.
>
>Thanks,
>Satish
>
>
>
>-----Original Message-----
>From: Erik Weber [mailto:erikweber@mindspring.com] 
>Sent: Monday, July 26, 2004 11:11 AM
>To: Struts Users Mailing List
>Subject: Need a synchronizer token
>
>
>I know I've seen somewhere that Struts handles the synchronizer token 
>pattern -- where a synchronizer token is embedded as a hidden form field
>
>and compared with an expected value stored as a session attribute before
>
>a write action is performed -- but I don't know exactly where to look.
>
>Can someone tell me the Struts way to handle this?
>
>Thanks,
>Erik
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message