Tokens are used to check for invalid path for by the uer: 1) if the user presses back button and submits the same page 2)or if the user refreshes the page which will result to the resubmit of the previous action and might lead to unstabality.. to solve the abv probs we use tokens 1) in previous action type saveTokens(HttpServletreuest) 2) in current action check for duplication bu if(!isValidToken())