Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to detect a user if he tries to enter a site without entering his password??

 
senthil sen
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
say am a user i try to enter a site skipping the authorization page or wihtout entering password and userid ??
Now a programmer should track my state or session and send me or redirect me back to the authorization page and make me enter my passord and id???
need code for this??
 
Cory Wilkerson
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Most models I've seen rely on some sort of session token for this purpose. IE, once the user has logged in, either the user id, or some random token associated with the user is stored in session. After you've got that much done, a simple jsp can be included throughout the rest of your jsps that validates that the token is present and is valid.
Session isn't a *bad* thing...it's not something you should avoid like the black plague, it's just something that you should use judiciously. Something as small as a session token scaled to thousands of simultaneous users will not take a significant toll on the amount of overhead your servers are seeing...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic