Server‑Side Request Deduplication Using Unique IDs and Parameter Hashing in Java

Duplicate requests—whether caused by replay attacks, client retries, or gateway resends—can lead to serious issues such as double orders, especially for write operations. The article focuses on server‑side strategies to detect and reject such duplicates while ignoring client‑side measures.

Unique Request ID with Redis : By assigning a globally unique request number (e.g., String KEY = "REQ12343456788"; ) and storing it in Redis with a short TTL (e.g., 1000 ms), the server can atomically set the key using SET_IF_ABSENT . If the key already exists, the request is considered a duplicate.

Business‑Parameter Deduplication : When a unique request ID is not available, the article proposes constructing a composite key from user ID, method name, and request parameters (e.g., String KEY = "dedup:U=" + userId + "M=" + method + "P=" + reqParam; ). For complex JSON payloads, the parameters are sorted, concatenated, and an MD5 digest is used as the identifier to keep the key length reasonable.

Handling Volatile Fields : Fields such as timestamps or GPS coordinates can cause false negatives. The solution removes specified keys (e.g., requestTime ) before computing the MD5, ensuring that logically identical requests are recognized as duplicates.

Reusable Java Helper : The article provides a ReqDedupHelper class with a dedupParamMD5(String reqJSON, String... excludeKeys) method that parses JSON into a TreeMap , removes excluded keys, serializes back to JSON, and returns the MD5 hash. It also includes a private jdkMD5 utility.

Test Example : A main method demonstrates two JSON requests differing only by requestTime . Without exclusion, their MD5 hashes differ; after excluding requestTime , the hashes match, confirming the deduplication logic.

Complete Solution : The final code snippet combines the MD5‑based key generation with the Redis atomic set‑if‑absent operation, showing how to compute the dedup key, set an expiration, and determine whether the request should be processed or rejected.