Struts2 provide Token Interceptor for ensures that only one request per token is processed, But, I don't understand how it works, if a user send the one request twice what happens? Does the user get an invalid token or get response of the first request? What is a logic behind this interceptor?
The token interceptor returns the result invalid.token when an invalid token is found. The logic is simple: it uses a session to save a valid token per request and when intercept it checks it by comparing one that sent and other that is from session.
来源:https://stackoverflow.com/questions/17807964/how-token-interceptor-work-in-struts-2