Could someone review the handling, if any, provided by Spring to handle duplicate form submissions.

Didnt seem to be anything covering this in the docs.

See samples for an example of how to handle this:
samples\petclinic\src\org\springframework\samples\ petclinic\web\AddOwnerForm.handleInvalidSubmit

Thanks for that.

I was actually hoping for a little more detail with respect to how the framework code determines whether the 'handleInvalidRequest' function should be called.

As far as I can make out it seems to check if a form object exists in the session. If it doesn't then it calls this function.

I was wondering if the 'synchronizeOnSession' field had to be true in order for this to work so as to prevent race conditions on the 'handleInternalRequest' function.

Guess these are questions for the development team really. Would appreciate a basic rundown on how this works in practice.

Frank

it seems to check if a form object exists in the session. If it doesn't then it calls this function.
You're correct. Relevant code is in org.springframework.web.servlet.mvc.AbstractFormCo ntroller.

if (isFormSubmission(request)) {
if (isSessionForm() && request.getSession().getAttribute(getFormSessionAt tributeName()) == null) {
// cannot submit a session form if no form object is in the session
return handleInvalidSubmit(request, response);
}
....

I was wondering if the 'synchronizeOnSession' field had to be true in order for this to work
No. You're first assessment was correct. The same client could submit at any time, and if there is no form in the session (and it requires one) handleInvalidSubmit will be called.

I've been looking into how to prevent duplicate form submissions, and trying to get to grips with how the handleInvalidSubmit method helps. It's my understanding that, when sessionForm is true, the command object can act as a kind of synchronizer token - if it doesn't exist in the session when a form is submitted, it can be assumed that that the submit is a duplicate - handleInvalidSubmit is then called.

From the source code I gather that there is indeed a possibility of a race condition, unless there's some sort of synchronization (e.g. through the synchronizeOnSession functionality). :shock:

Admittedly this is rather unlikely to happen often. :)

The key methods to look at are in AbstractFormController: handleRequestInternal and getCommand. Basically, the code in handleRequestInternal checks for whether the form command object exists in the session, and calls handleInvalidSubmit if it doesn't. Assuming the command object does exist in the session, handleRequestInternal then calls getCommand. getCommand retrieves the object from the session, removes it from the session, and returns it.

Anyway, the source code explains it a lot better than me, but the upshot is that it looks like two submits in close succession could result in a ServletException being thrown from getCommand. If synchronizeOnSession was true, this would be avoided and the duplicate submit would be detected.

I think it's possible that a little synchronization on the session object in the getCommand method (along with a little re-working of handleRequestInternal) could prevent this from happening, but it probably makes more sense to just set synchronizeOnSession to true.

Martin

I see the race condition here (I have a rather "fat" Session object, I think that's why).
So, could you, please, be more specific regarding synchronizeOnSession, please?

Regarding where actually would be better to set it to true?

many thanks in advance,

serge

Sorry, never mind. I have found a proper place already.

Thanks!

serge