Hello all, i have jsp program which accepts user name and password. if the user is valid i am redirecting the user to my login page(login.jsp) the program is working fine but the problem is that if i book mark the page,the user can access it without any authentication. how can i avoid the access of my file(login.jsp) to the user with out authentication? is there any method by which i can avoid my page to be bookmarked?
posted 15 years ago
At the top of each page that you do not want anyone to access with first logging in, put some code that checks some session variables that hold the username and password. If they have values, then they have logged in. So when a person bookmarks the page and comes into a page with that code at the top, it will notice that there is nothing in the session and not allow them access, and can redirect them somewhere else appropriately. Note that the above code to check the session can be put in its own JSP page, and then be included by any page that needs it. That way all your code is in one place. HTH Brian