File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes prevent direct access after login. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "prevent direct access after login." Watch "prevent direct access after login." New topic

prevent direct access after login.

Rob Deer

Joined: Jan 10, 2005
Posts: 17
I have a page called login.jsp. Its a html form which allows people to login. After they login successfully, the login html link disappears and the logout link appears. But the problem is that the visitor can type in login.jsp in the address bar and get there manually. Is there a way to prevent that?
sruthi adhuri

Joined: Nov 19, 2005
Posts: 9
You can restrict browser feeds(typing URL manually) by placing your JSP's under /WEB-INF/jsp/ folder. and access using deployment descriptor.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63844

Firstly, I wonder why you care. Doesn't seem like a big deal to me.

But, if it's something you need to do I'd create a filter that would disallow access to the page when the logged in state is detected.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: prevent direct access after login.
It's not a secret anymore!