Cause: turns out that failing the validation causes the token to reset and if the form is submitted multiple times very fast, it sometimes results in the form token and htmlsession token to be different. (Maybe after the page loaded, a thread for setting the token still ran from the double submits and changed the token in the htmlsession after it rendered the jsp page). That is why the token validation fails every time after the submission that failed the validation.
Had to tweak how the token is set. More details about this in this updated thread.
I'm working on a webapp that uses both token and validation interceptor. A brief description is a token is set in the jsp page using
<s:token/> and on the action call
TokenHelper.validToken() is used to check if the token is valid. The issue comes when a user sends multiple post or form submits and it fails the
validateSave(). The user is sent back to the form page. After this, even if the user only submits once, it results in an invalid token. The hidden token in the form and the token in the '
actionSession' (I don't know the exact name, but it's where the copy of the token is save for future comparison.) isn't the same which results in an invalid token upon first submit. I'm having trouble with this and how to handle this event.
Any input would be much appreciated.
Thank you in advance.