Package com.tonbeller.wcf.token

Synchronizes page flow using a token.


Class Summary
RequestToken  
TokenFilter  
TokenTag  
 

Package com.tonbeller.wcf.token Description

Synchronizes page flow using a token.

The <wcf:token/> tag creates a hidden input field, which is submitted as an HTTP parameter with a random number (the token) as its value.

On every request, the token filter checks whether the HTTP parameter is present and whether it holds the random number of the previous page. If so, the page is processed normally; if not, the user is redirected to the previous page without any HTTP parameters.

This way, users cannot change the page flow using the browser's back button. If they try, they are redirected to the current page without any processing of HTTP parameters (so a form is not submitted twice).
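
The flow described above, modelled as a stand-alone program. This is an added example, not the source of TokenFilter, TokenTag or RequestToken. The class, the parameter name `token`, the page paths and the in-memory `Session` object are assumptions made for illustration, and no servlet API is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Added illustration of the token flow; not the WCF implementation. */
public class TokenFlowDemo {
    static final String PARAM = "token"; // hypothetical name, not stated on the page
    private static final SecureRandom RNG = new SecureRandom();

    /** Stand-in for per-session state: the token issued with the last rendered page. */
    static class Session { String expectedToken; String lastPage = "/start"; }

    /** Rendering a page issues a fresh token and emits it as a hidden input field. */
    static String renderHiddenField(Session s, String page) {
        s.expectedToken = Long.toHexString(RNG.nextLong());
        s.lastPage = page;
        return "<input type=\"hidden\" name=\"" + PARAM + "\" value=\"" + s.expectedToken + "\"/>";
    }

    /** Returns "PROCESS" on a matching token, otherwise a redirect with parameters dropped. */
    static String filter(Session s, Map<String, String> params) {
        String sent = params.get(PARAM);
        if (sent != null && s.expectedToken != null
                && MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8),
                        s.expectedToken.getBytes(StandardCharsets.UTF_8))) { // constant-time compare
            return "PROCESS";
        }
        params.clear(); // missing or stale token: the form data is never processed
        return "REDIRECT " + s.lastPage;
    }

    /** Builds the parameters a browser would send for the constructed sample form. */
    static Map<String, String> form(String token) {
        Map<String, String> p = new HashMap<>();
        p.put(PARAM, token);
        p.put("amount", "100"); // constructed sample field
        return p;
    }

    public static void main(String[] args) {
        Session s = new Session();
        renderHiddenField(s, "/form");
        String formToken = s.expectedToken;
        System.out.println("first submit:    " + filter(s, form(formToken)));
        renderHiddenField(s, "/confirm"); // the response page carries a new token
        // Back button: the browser resubmits the old form with the old token.
        Map<String, String> replay = form(formToken);
        System.out.println("replayed submit: " + filter(s, replay) + ", params kept: " + replay.size());
    }
}
```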