利用isTokenValid(request, true)// 验证是否有效并且重新生成session 的token, 而request的token不会更新
从而避免重复提交
public synchronized boolean isTokenValid(HttpServletRequest request,
boolean reset)
{
HttpSession session = request.getSession(false);
if (session == null)
{
return false;
}
String saved = (String) session
.getAttribute("org.apache.struts.action.TOKEN");
if (saved == null)
{
return false;
}
if (reset)
{
resetToken(request);
}
String token = request
.getParameter("org.apache.struts.taglib.html.TOKEN");
if (token == null)
{
return false;
}
return saved.equals(token);
}