一、什么是表单重复提交？
当网络有延迟时，用户提交的表单等数据还没有完成此次提交，但用户又多次点击提交，造成用户数据在数据库或存储中被提交多次。
利用线程延迟，简单模拟重复提交。
表单页面为form.html
[html] view plain copy



form.html

<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  
<meta http-equiv="description" content="this is my page">  
<meta http-equiv="content-type" content="text/html; charset=UTF-8">  <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->  

用户名 ：

处理提交请求的servlet为DoFormServlet.java
[java] view plain copy
package SessionDemo;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DoFormServlet extends HttpServlet
{

public void doGet(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  String username = request.getParameter("username");  //利用线程休眠，模拟网络延迟  try  {  Thread.sleep(1000*3);  } catch (InterruptedException e)  {  e.printStackTrace();  }  System.out.println("向数据库中注册数据。");  
}  public void doPost(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  doGet(request, response);  
}  

}
在浏览器中加载form.html

当用户反复点击“提交”时，就造成了重复提交。

二、解决方法一：利用javascript阻止
其他不变，将form.html修改为
[html] view plain copy



form.html

<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  
<meta http-equiv="description" content="this is my page">  
<meta http-equiv="content-type" content="text/html; charset=UTF-8">  <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->  

var isCommitted = false;
function dosubmit()
{
if(!isCommitted)
{
isCommitted=true;
return true;
}
else
{
return false;
}
}




用户名 ：




这样在浏览器中加载form.html后，点击“提交”，终端中只会输出一次”向数据库中注册数据。”，表明成功阻止表单反复提交。
以上form.html可以进一步优化，当用户点击“提交”后，“提交”按钮应该变为灰色不可用。
[html] view plain copy



form.html

<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  
<meta http-equiv="description" content="this is my page">  
<meta http-equiv="content-type" content="text/html; charset=UTF-8">  <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->  

function dosubmit()
{
var input = document.getElementById("submit");
input.disabled = 'disabled';
return true;
}




用户名 ：




利用javascript的方法不能完全防止用户恶意重复提交，例如：用户可以将form.html保存后修改，还可以在点击“提交”后重复刷新页面，从而实现反复提交。
三、解决方法二：利用服务器端Session防止表单重复提交。
其中FormServlet.java为
[java] view plain copy
package SessionDemo;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

public class FormServlet extends HttpServlet
{

public void doGet(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  //产生随机数表单号  TokenProcessor tp = TokenProcessor.getInstance();  String token = tp.generateToken();  request.getSession().setAttribute("token",token);  request.getRequestDispatcher("/form.jsp").forward(request, response);  
}  public void doPost(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  doGet(request, response);  
}  

}

//设计为单例模式
class TokenProcessor
{
private TokenProcessor(){};
private static final TokenProcessor instance = new TokenProcessor();

public static TokenProcessor getInstance()  
{  return instance;  
}  public String generateToken()  
{  //获得随机数字符串  String token = System.currentTimeMillis() + new Random().nextInt() + "";  //获得数据摘要  try  {  MessageDigest md = MessageDigest.getInstance("md5");  byte[] md5 = md.digest(token.getBytes());  //利用base64编码防止乱码。  BASE64Encoder encoder = new BASE64Encoder();  return encoder.encode(md5);  } catch (NoSuchAlgorithmException e)  {  throw new RuntimeException(e);  }  
}  

}
添加form.jsp
[plain] view plain copy
<%@ page language=”java” import=”java.util.*” pageEncoding=”UTF-8”%>

用户名




将DoFormServlet.java修改为
[java] view plain copy
package SessionDemo;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DoFormServlet extends HttpServlet
{

public void doGet(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  String username = request.getParameter("username");  boolean b = isTokenValue(request);  if (!b)  {  System.out.println("请不要重复提交。");  return;  }  request.getSession().removeAttribute("token");  System.out.println("向数据库中注册数据。");  
}  //判断表单号是否有效  
private boolean isTokenValue(HttpServletRequest request)  
{  String clientToken = request.getParameter("token");  if(clientToken==null)  {  return false;  }  String serverToken = (String) request.getSession().getAttribute("token");  if(serverToken==null)  {  return false;  }  if (!clientToken.equals(serverToken))  {  return false;  }  return true;  
}  public void doPost(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException  
{  doGet(request, response);  
}  

}
再浏览器中加载FormServlet

点击“提交”后跳转

终端显示用户提交

这时即使用户点击“刷新”，也不能实现重复提交。