session防止表单重复提交

有一个生成表单号的sevlet

public class FormServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		//产生随机数表单号
		TokenProcessor tp = TokenProcessor.getInstance();
		
		String token = tp.getToken();
		
		request.getSession().setAttribute("token", token);
		
		request.getRequestDispatcher("/form.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request,response);
	}

}

class TokenProcessor{//令牌
	/*1，构造方法私有
	 * 2。自己创建一个
	 * 3.对外暴露一个方法，允许获取上面对象
	 */
	
	private TokenProcessor(){};
	private static final TokenProcessor instance = new TokenProcessor();
	
	public static TokenProcessor getInstance(){
		return instance;
	}
	
	public String getToken(){
		
		//先生成随机数
		String token = System.currentTimeMillis()+new Random().nextInt()+"";
		//使位数固定，摘要算法
		try {
			MessageDigest md = MessageDigest.getInstance("md5");
			byte[] md5 = md.digest(token.getBytes());
			
			//base64编码，生成字符串
			BASE64Encoder encoder = new BASE64Encoder();
			return encoder.encode(md5);
			
		} catch (NoSuchAlgorithmException e) {
			throw new RuntimeException(e);
		}
		
		
	}
}

表单如下

<%@ page language="java" contentType="text/html; charset=utf-8"
    pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Form</title>
</head>
<body>
	
	<form action="/day07/DoForm" method="post">
		<input type="hidden" name="token" value="${token}"><br>
		用户名：<input type="text" name="username"><br>
		<input type="submit" value="提交">
	</form>
</body>
</html>

处理表单的sevlet

public class DoForm extends HttpServlet {
	private static final long serialVersionUID = 1L;
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		
		String token = request.getParameter("token");
		
		String server_token = (String) request.getSession().getAttribute("token");
		boolean b = isTokenValid(token,server_token);
		
		if(!b){
			System.out.println("Invalid token");
			return;
		}
		
		request.getSession().removeAttribute("token");
		System.out.println("ok");
		
	}

	//判断表单是否有效
	private boolean isTokenValid(String token,String server_token) {
		if(token==null){
			return false;
		}
		
		if(server_token==null){
			return false;
		}
		
		if(!token.equals(server_token)){
			return false;
		}
		
		return true;
	}


	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request,response);
	}

}