问题
I have the following problem:
I want to send information between modules (different controllers) using POST due to security reasons. My logic has been something like this:
User Searches > Clicks on specific item > Sends a form with post request to a controller > Controller shows view of the specific item > User clicks on a sub-item page > Sends a form with post request to the sub-item's controller
However, because of how POST works out, it's giving me "Webpage has expired" messages when going from Subitem page back to Item page.
My solution to this problem is to save these parameter(s) in Java's HttpSession, thanks to this post. However I am not particularly sure how to go at it.
For example here is some snippets of my code (for the record I'm using thymeleaf as a view resolver):
Search.html snippet
<tr th:each="customer:${results.pageList}">
<td>
<form method="POST" id="goToUser" name="goToUser" action="/customer/">
<input type="hidden" name="acctCustNbr" th:value="${customer.acctCustNbr}"/>
<a href="javascript:;" onclick="javascript:document.getElementById('goToUser').submit();"
th:text="${customer.acctCustNbr}">000010</a>
</form>
</td>
<!-And so on-->
Customer (or Item, in the example) controller that receives this request:
@RequestMapping(value = "/customer/", method = RequestMethod.POST)
public String getCustomer(@RequestParam(value = "acctCustNbr", required = false) String acctCustNbr,
Model model,
HttpSession session) {
boolean error = false;
String errorMsg;
logger.info("acctCustNbr obtained is >" + acctCustNbr + "<");
if(acctCustNbr==null){
acctCustNbr = (String) session.getAttribute("acctCustNbr");
}
else
session.setAttribute("acctCustNbr", acctCustNbr);
/*Service methods and model additions*/
Now how do I get past this initial stage? It seems my sub-item's controller can obtain the session attribute fine, but hitting back on the browser still opens up that dreaded expiration alert.
My logic is if a user is hitting the back button to this /customer/ page that he will send acctCustNbr==null. Obviously I'm wrong because this doesn't work.
So my question is, what am I doing wrong here?
SOLUTION thanks to @skirsch
I renamed my controller method to this:
@RequestMapping(value = "/customer/", method = RequestMethod.GET)
public String getCustomer(Model model, HttpSession session) {
boolean error = false;
String errorMsg;
/** service invocations and stuff**/
And added this one:
@RequestMapping(value = "/customer1/", method = RequestMethod.POST)
public String storeAcctCustNbrInSession(@RequestParam(value = "acctCustNbr", required = false) String acctCustNbr,
Model model, HttpSession session) {
session.setAttribute("acctCustNbr", acctCustNbr);
return "redirect:/customer/";
}
回答1:
You need to redirect the browser to another place after storing the data in the session. This other place could be
@RequestMapping(value = "/customer/", method = RequestMethod.GET)
public String getCustomerFromSessionValue(Model model, HttpSession session) { ... }
As you redirect using a GET method, you won't experience your "dreaded expiration alert".
See Redirect After Post
来源:https://stackoverflow.com/questions/15888258/how-to-manage-session-attributes-due-to-post-requests-and-history