Token-based processing is the one-and-done approach.
Preventing resubmission via the back button by disabling page caching
By controlling the browser's cache and the page's validity period, you can make the browser show "The web page has expired" when the user clicks the back button on the new page after a redirect. This prevents the form from being resubmitted when going back. This method does not work in all browsers, so weigh that before relying on it. When responding, add the following code to the headers to control the browser's cache and the page's validity period, or add it directly to the <head> of the web page:
<?php
//.....
// In IE 4 or 5, Cache-Control is ignored and has no effect
header('Cache-Control: no-cache');
header('Expires: 0');
// Valid for HTTPS, and the same as "Expires: -1": the browser still caches the page, but marks it as expiring immediately
header('Pragma: no-cache');
//....
?>
The Action class has a method like this for generating tokens:
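import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

protected String generateToken(HttpServletRequest request) {
    HttpSession session = request.getSession();
    try {
        // The token is a digest of the session id and the current time
        byte[] id = session.getId().getBytes();
        byte[] now = Long.toString(System.currentTimeMillis()).getBytes();
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(id);
        md.update(now);
        // toHex (not shown on this page) hex-encodes the digest bytes
        return toHex(md.digest());
    } catch (IllegalStateException e) {
        // The session has already been invalidated
        return null;
    } catch (NoSuchAlgorithmException e) {
        return null;
    }
}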
An example in ASP:
Form file formtest.asp
<%
Randomize 'Initialize the random number seed
num1=rnd() 'Generate a random number num1
num1=int(26*num1)+65 'Shift num1 into the ASCII range A-Z so the form field name stays valid
session("antry")="test" & chr(num1) 'Generate a random field name and store it in the session
%>
Form handler testact.asp
<%
teststr=request.form(session("antry"))
if teststr="" then
response.write "No name filled in or repeated submission"
'Either the user did not fill in the name, or the form was submitted repeatedly (indicated by session("antry") being empty)
else
response.write teststr
session("antry")="" 'Submission successful: clear session("antry") to prevent repeated submissions
End if
%>
Here, you only need to randomize the form field name of one required item; you don't have to randomize all form fields.
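The token method and the ASP handler above each show part of the same issue, check and clear cycle. The following puts the full cycle in one place as an added Python example, not code from the original page. The dict standing in for the server-side session, the session key `form_token`, the form field names and all function names are assumptions; the token comes from a CSPRNG rather than a digest of the session id and clock.

```python
import hmac
import secrets

TOKEN_KEY = "form_token"  # hypothetical session key name


def issue_token(session: dict) -> str:
    """Call when rendering the form; the result goes into a hidden field."""
    # Random 128-bit value, not derived from the session id or the time.
    token = secrets.token_hex(16)
    session[TOKEN_KEY] = token
    return token


def consume_token(session: dict, submitted) -> bool:
    """Return True only for the first submission carrying the current token."""
    # pop() clears the stored token before any processing happens, so a
    # double click or a back-button resubmit finds nothing left to match.
    # A failed attempt also clears it: the form must be rendered again.
    expected = session.pop(TOKEN_KEY, None)
    if not expected or not isinstance(submitted, str) or not submitted:
        return False
    # Constant-time comparison of the stored and submitted values.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_post(session: dict, form: dict) -> str:
    """Form handler with the same accept/reject logic as testact.asp."""
    if not consume_token(session, form.get("token")):
        return "rejected: missing token or repeated submission"
    return "accepted: " + form.get("name", "")


if __name__ == "__main__":
    # Constructed sample: one session, the same form posted twice.
    session = {}
    form = {"token": issue_token(session), "name": "alice"}
    print(handle_post(session, form))  # first submission
    print(handle_post(session, form))  # replay of the same form
```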