Announcement Announcement Module
Collapse
No announcement yet.
Duplicate Form Submission Handling Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Duplicate Form Submission Handling

    Could someone review the handling, if any, provided by Spring to handle duplicate form submissions.

    Didnt seem to be anything covering this in the docs.

  • #2
    Duplicate Form Submissions

    See samples for an example of how to handle this:
    samples\petclinic\src\org\springframework\samples\ petclinic\web\AddOwnerForm.handleInvalidSubmit

    Comment


    • #3
      But how does it work?

      Thanks for that.

      I was actually hoping for a little more detail with respect to how the framework code determines whether the 'handleInvalidRequest' function should be called.

      As far as I can make out it seems to check if a form object exists in the session. If it doesn't then it calls this function.

      I was wondering if the 'synchronizeOnSession' field had to be true in order for this to work so as to prevent race conditions on the 'handleInternalRequest' function.

      Guess these are questions for the development team really. Would appreciate a basic rundown on how this works in practice.

      Frank

      Comment


      • #4
        it seems to check if a form object exists in the session. If it doesn't then it calls this function.
        You're correct. Relevant code is in org.springframework.web.servlet.mvc.AbstractFormCo ntroller.
        Code:
        		if (isFormSubmission(request)) {
        			if (isSessionForm() && request.getSession().getAttribute(getFormSessionAttributeName()) == null) {
        				// cannot submit a session form if no form object is in the session
        				return handleInvalidSubmit(request, response);
        			}
                                 ....
        I was wondering if the 'synchronizeOnSession' field had to be true in order for this to work
        No. You're first assessment was correct. The same client could submit at any time, and if there is no form in the session (and it requires one) handleInvalidSubmit will be called.

        Comment


        • #5
          I've been looking into how to prevent duplicate form submissions, and trying to get to grips with how the handleInvalidSubmit method helps. It's my understanding that, when sessionForm is true, the command object can act as a kind of synchronizer token - if it doesn't exist in the session when a form is submitted, it can be assumed that that the submit is a duplicate - handleInvalidSubmit is then called.

          From the source code I gather that there is indeed a possibility of a race condition, unless there's some sort of synchronization (e.g. through the synchronizeOnSession functionality). :shock:

          Admittedly this is rather unlikely to happen often.

          The key methods to look at are in AbstractFormController: handleRequestInternal and getCommand. Basically, the code in handleRequestInternal checks for whether the form command object exists in the session, and calls handleInvalidSubmit if it doesn't. Assuming the command object does exist in the session, handleRequestInternal then calls getCommand. getCommand retrieves the object from the session, removes it from the session, and returns it.

          Anyway, the source code explains it a lot better than me, but the upshot is that it looks like two submits in close succession could result in a ServletException being thrown from getCommand. If synchronizeOnSession was true, this would be avoided and the duplicate submit would be detected.

          I think it's possible that a little synchronization on the session object in the getCommand method (along with a little re-working of handleRequestInternal) could prevent this from happening, but it probably makes more sense to just set synchronizeOnSession to true.

          Martin

          Comment


          • #6
            synchronizeOnSession to true

            I see the race condition here (I have a rather "fat" Session object, I think that's why).
            So, could you, please, be more specific regarding synchronizeOnSession, please?

            Regarding where actually would be better to set it to true?

            many thanks in advance,

            serge

            Comment


            • #7
              Sorry, never mind. I have found a proper place already.

              Thanks!

              serge

              Comment

              Working...
              X