Preventing sensitive form re-submission
I want to prevent the refresh/re-submission of form on the server side(not using javascript).There is some way of using tokens in session and request to validate the request from the client.But I am not very sure how to go about it.Can anyone elaborate the same for me..Thanks in advance....
You're on the right track. To use tokens, there should be a number stored in the session, and that same number placed in a hidden field in the form.
Before serving the form, create a unique key - new Date().getTime() gives you a long with millisecond precision. Store that number in the session and also place it in a hidden field in the form. When the form is submitted, check the hidden against the number in the session. If they match, the form submission is valid; remove the key and process the form. If the user tries to submit the same form by using the "back" button, the number in the form no longer has a match in the session, and you reject the form submission.
example:
in the jsp that generates the form:
<%
// create a number unique to the current millisecond
long key = new java.util.Date().getTime();
// place it in the session to be looked up later
session.setAttribute( "formKey", Long.toString( key ) );
%>
<form>
<!-- put the form key in the form -->
<input type="hidden" name="formKey" value="<%= key %>">
</form>in the code that processes the form:
String key = request.getParameter( "formKey" )
String sessionKey = (String)session.getAttribute( "formKey" );
if ( key.equals( sessionKey ) ){
// process the form
} else {
// key is not valid - send some error message
}
Similar Messages
-
How to prevent dupilcate form submission in JSF 1.x
Hi All
How to prevent dupilcate form submission in JSF 1.x application. As of now ,when the user clicked the submit button two times , application inserts 2 records in database.
Please suggest how to prevent dupliacte form submission without using Javascript. Kindlly share examples if any.
Regards,
DEVYour problem is not really double submission but the fact that your application allows double insertion. The fix is functionally easy but technically very cumbersome: before inserting, check if the data already exists. If you build in such a guard you also protect against other methods of causing a resubmission, such as the browser back button.
PS: what's the deal with the no javascript limitation? You do realize that when you use JSF you're tanking your application full of javascript, right? -
How can I include shared drive link to form in submission email?
I am an assistant in an office where we will be using Adobe Forms to initiate the start of a project. My bosses are to save their form in a corresponding folder, then "submit" the form to me to alert me to continue with project initiation.
My question is: Is there away to, in the body of the email, include a link to where the Adobe form is saved on our shared drive so that I can click on the link and go straight to it, instead of using the attachment? This, I hope, will prevent the form being saved in two different places.Hi CSchoolinLife,
Yes you can include customized content in the email body .
Please save the form from https://workspaces.acrobat.com/?d=0n*uLjnmLGX8VlHRCW5n7A and check different options you can use in an email button (programatically and through GUI).
Regards,
Ratnesh -
CFDiv - clearing the form after submission
I am using cfdiv with a data entry form and on submission writes the values to a db, works great, but, how can I clear the form after submission?
reloading the page loads it in the cfdiv.
TIA
JbirdTo where are you submitting this form? Also, are you submitting as a get or a post?
-
How to Close InfoPath Form After Submission When Two Buttons Exist?
I have an browser-enabled InfoPath 2010 form that has two views and a submit button on each view. The form would correctly submit and close the form using one button on the form until the second button was added. After adding the submit button on a second
view, the second button submitted/closed but the behavior on the first view changed so that the form no longer closes after submission. I’ve researched this and have not yet found a solution to allow closing the form after submission for one of the buttons.
Things I’ve tried:
- I’ve attempted creating multiple submit data connections for the different buttons
- Specifying different Submit Options
- Try closing the form with the code
- Add another button to the non-closing view
- Add duplicate Rule actions to "Close this form: No Prompt"
Settings:
Button rules:
- Submit using data connection: SharePoint Library Submit
- Close this form: No Prompt
Button Properties:
- Action > Rules and Custom Code
The form Submit Options:
- Send form to a single destination (a form library)
- Choose a data connection for submit (SharePoint library submit)
- Advanced > After Submit: Close the form
Advanced form options:
- Filler Features: all items unchecked (not allowing Save, etc.)
- E-Mail Attachments: uncheck Enable InfoPath e-mail form functionality for this form template
Resources:
When considering programmatically submitting and closing the form, I understand from this article that the Rules run before code and I can’t close the InfoPath form programmatically by writing code behind a button that has a rule set on it:
http://www.bizsupportonline.net/blog/2009/01/how-to-programmatically-run-code-close-infopath-web-form/
Discussion of creating a custom Save and Submit buttons for InfoPath browser forms:
http://markhaverty.com/sharepoint/custom-save-and-submit-buttons-for-infopath-browser-forms/what if you need to switch views?
I have the same problem in a similar situation. I created a test button to narrow down the cause. the button submits data & closes the form fine. however when I add a rule to switch views before the submit & close rule, it
breaks. Submit still works but it no longer closes the form. If I disable the switch-view rule, then it closes fine.
I tried added another rule to switch back to the main view but that didn't help.
switching views is an integral part of the workflow b/c I want to email the alternate view upon approval & then close the form. So removing that rule is not a good answer unfortunately. -
Is their way to prevent a form data from being lost when a validation fails
Is their way to prevent a form data from being lost when a validation fails?
So I would use APEX_COLLECTION (there is some information in APEX documentation).
Read all data you need to keep after submit and save them to your collection. Then, if validation fails, show report with data not from base, but from your collection. You have to create process, which creates collection, and you need to modify your report definition to get data not only from DB but also from collection.
If you have any questions feel free to ask.
Regards,
Przemek
Edited by: Przemek on 2009-01-10 17:47 -
Preventing enter key from submission-- javaScript
Hi,
I am using the following code for preventing enter button from submission
It is not working for other explorer's like AOL,FIREFOX,NETSCAPE
onkeydown="if ((event.which && event.which == 13) ||
(event.keyCode && event.keyCode == 13))
{document.FormName.ButtonName.click();return false;}
else return true;"
Can any one help me better solution than this...
Thanks in advance...Double-posted:
http://forum.java.sun.com/thread.jspa?threadID=5131933
(And this is still a java and not javascript forum) -
Preventing duplicate form submission
how do i prevent from the form being submitted twice in case user clicks the submit button twice?
Search at the net "struts tokens".
-
Preventing duplicate form submission when page is loaded from history
Hi
We have record insertion forms some of which insert unique
records into sql databases and some which may not. Is there a way
of stopping the user pulling the page from history (or using the
back button) and then resubmitting the data?
I have put a trigger on the databases that basically updates
existing data rather than re-inserting it if a duplicate is entered
but as some of the record submissions are not unique this isn't
always possible. I would also rather restrict the submission client
side to reduce bandwidth and database calls.
I have tried various 'no caching' techniques on the page but
none seem to work. Anyone have any bright ideas ... I am all out of
ideas bright or not!!!
TIA
KarenKaren
I have used session variables to control this sort of thing.
Basically the
insert/update statement tests for the existance of a variable
with a
particular name. If no variable exists then this will
indicate that the
request is coming from a history file, and it will not allow
the process.
Equally as part of the insert process change the value in the
variable and
do not allow and insert if the variable holds that value.
Paul Whitham
Certified Dreamweaver MX2004 Professional
Adobe Community Expert - Dreamweaver
Valleybiz Internet Design
www.valleybiz.net
"big_old_bird" <[email protected]> wrote in
message
news:e2totv$ec9$[email protected]..
> Hi
>
> We have record insertion forms some of which insert
unique records into
> sql
> databases and some which may not. Is there a way of
stopping the user
> pulling
> the page from history (or using the back button) and
then resubmitting the
> data?
>
> I have put a trigger on the databases that basically
updates existing data
> rather than re-inserting it if a duplicate is entered
but as some of the
> record
> submissions are not unique this isn't always possible. I
would also
> rather
> restrict the submission client side to reduce bandwidth
and database
> calls.
>
> I have tried various 'no caching' techniques on the page
but none seem to
> work. Anyone have any bright ideas ... I am all out of
ideas bright or
> not!!!
>
> TIA
> Karen
> -
Prevent duplicate form submission from same user
What's the best way to prevent the same person/computer from
submitting a form? I am wondering about cookies, ip address,
etc.Rking1966 wrote
I am wondering about cookies...
You got me wondering, too. I thought of something like:
formPage.cfm
============
<cfif isDefined("cookie.isFormSubmitted") and
cookie.isFormSubmitted>
You have already submitted the form. You may only do so
once.<br>
<p>
<a href="someOtherBusinessPage.cfm">To
business</a>
</p>
<cfelse>
<form action="actionPage.cfm" method="post">
<input name="field1" type="Text">
<input name="send" type="Submit" value="Send">
</form>
</cfif>
actionPage.cfm
=============
<cfif NOT isDefined("cookie.isFormSubmitted")>
<cfcookie name="isFormSubmitted" expires="never"
value="true">
</cfif>
<!---
Business code to process submitted form fields
---> -
How do I create a PDF form for submission that can be used by Acrobat Reader only users?
I am attempting to create a PDF document in Acrobat Pro with fields that can be submitted (via email) by users using only Acrobat Reader.
I have tried changing the properties of the 'Submit' button, although I am not sure what I am doing wrong.
Can anyone please help?
C.I created a form using Adobe LiveCycle and added the submit via e-mail button. One change which I made was in the XML script I changed submission type to pdf, so that thepdf form itself would be e-mailed. This works fine if I use Adobe Pro 8, but when I tried the same using only Adobe Reader 7.0, it would not let me e-mail the form along with a message "This operation is not permitted".
Any comments?
Thanks -
Preventing input form from showing existing record
Hello,
I'm creating a series of web pages to collect info from a user. On the first page, create.jsp, I have a CommandLink bound to the Create binding action. It forwards to the input form on its own page, form.jsp. The defaults (sequence number, creation date) from the model layer appear nicely in the form. If the user follows the page flow, the record is committed and everything is swell.
The problem is that users can enter "form.jsp" directly into their location bar in their web browser, and the input page will display the first record in the table. I cannot use an authorization scheme to prevent access because any general user of the web should be able to input their info. (In other words, you can't be logged-in before creating your login.)
How can I disable this? Or, is there a hook in the processing lifecycle that I can use to determine if a user has created a new row before displaying the input form?
I'm using JDev 10.1.3 production, ADF Faces, ADF BC.
Thanks,
-AnthonyI figured this out myself, actually this was quite simple.- just set the 'immediate' property on the component (button) to 'true'.
-
Converting (locking) form upon submission.
HI All. I have a product sample submission form for my laboratory. The form has multiple fields that are filled out by the requestor and a Submit button that will mail a copy to a domain. When I send the form now, it does not lock the fields and can still be edited. I would like for it to lock the field and send what I call a "normal" .pdf, (like when you convert a .docx to a .pdf). Is that possible in LiveCycle? I would like for the form to not be editable once it is sent, as well as to be smaller in size. (3MB after submission currently).
Try the LiveCycle Designer forum. This forum is about forms created in Acrobat.
-
Prevent Startup Form from Loading using Command Line Arguments
Hi there
I'm developing a VB.NET windows forms application in VS2013.
The application will have 2 ways of being executed, one being by the user manually and the other being automated by the task scheduler.
When executed by the task scheduler, command line arguments will be used so that the application is aware that it is being run automatically and not by a user.
My problem is that I want the startup form to load when run by a user but I don't want it to load when it is run automatically, I just want to execute code.
Is it possible to prevent the startup form from loading by using the commandline arguments from the MyApplication_Startup event?
CheersHi Aureuz,
>>Is it possible to prevent the startup form from loading by using the commandline arguments from the MyApplication_Startup event
It is impossible to accomplish it in the MyApplication_Startup event, we can use Form.Shown event:
#Form.Shown Event
http://msdn.microsoft.com/en-us/library/system.windows.forms.form.shown(v=vs.110).aspx
If we start a form by using the commandline arguments, the count of CommandLineArgs will be above one, if so, use Me.Hide() method to hide this form.
Private Sub Form1_Shown(sender As Object, e As EventArgs) Handles MyBase.Shown
Dim args As String() = Environment.GetCommandLineArgs()
If args.Count > 1 Then
Me.Hide()
Else
Me.Show()
End If
End Sub
You can also uncheck "Enable application framework" on the project properties application tab and select your startup object to a module object:
Module Module1
Sub Main()
Dim args As String() = Environment.GetCommandLineArgs()
If args.Count > 1 Then
'Run your background code
Else
Dim f As New Form1
f.ShowDialog()
End If
End Sub
End Module
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Reset form upon submission extension?
IS t here an extension that will force all form vaules to be reset upon form submission please?
Try this script:
This goes in the head area:
<script language="javascript">
function reset() {
document.name_of_form.name_of_textfield.value="";
document.name_of_form.name_of_textfield.value=""; // and so on until you list each field
</script>
This goes in the body tag: OnLoad="reset()"
So the body tag will look like this:
<body OnLoad="reset()">
I tested this and it works.
So the first thing you need to do is to make sure that your form has a name (for example, name="form1"). Then you need to make sure each of your fields are name (for example, name="first_name" or name="email").
So, using the example above, you would replace the name_of_form with form1 (if you named your form, "form1") and also replace the name_of_textfield with the actual name of your textfield. So let's say you named your form form1 and your first text field first_name, your second text_field last_name, and a third email. Here's now your code would look:
<script language="javascript">
function reset() {
document.form1.first_name.value="";
document.form1.last_name.value="";
document.form1.email.value="";
</script>
Basically, the code says in this document reset the first_name field in form 1 to empty ("").
You may want to try just the first two fields first to make sure everything is working before writing the whole script.
Maybe you are looking for
-
I edit a photo and when I click Save As, I get error message "Could not complete your request because of a program error." I exit Elements, try again, same error. In past I had this problem but it resolved when rebooted PC. This time, PC reboot
-
Can u guys recommend goos books on java i an new
i hav java by dietel but its kinda hard for a newbie soo..any suggestions
-
please help!!
-
Task & Appointment Manager recommendations?
Some four weeks or so since buying my iPad 3G, I'd say that one of the most delightful things about it is the sheer ease of installing new 'apps'. But inevitably there's a lot of poor stuff to wade through in the App Store to find those of quality. I
-
Errors got when doing the implementation process
Hi to BW Experts, when we are doing implementation project ,what the errors mainly we can get from Lo extraction?i think no psa tables exist and some caller id errors will come when source system is not in working condition ? give some main