Difference between Token Interceptor and Token Session Interceptor?

Question

I Know that both the interceptors are used to prevent duplicate form submissions? But What really are the difference between both of them? Which one has extra edge over other?<

Answer 1

The tokenSession extends token interceptor, they are both used to ensure that only one request per token is processed. The difference is in the handling of the invalid tokens. When invalid token is found the token interceptor just returns invalid.token result. The tokenSession interceptor on invalid token will try to display the same response that would have been displayed in case of valid token.

Some pseudo code for illustrating workflow of the tokenSession interceptor:

intercept() {
  if(validToken){
    storeInvocation();
    return invocation.invoke();
  }else {
    ActionInvocation storedInvocation = loadStoredInvocation();
    // ...
    return storedInvocation.getResultCode();
  }
}