Login Page Problem????

Rui Ferns
Greenhorn

Joined: May 06, 2001
Posts: 24
Hi,
I have a login page that lets a user enter his/her username and password. If valid it takes them to a page where they can administer a table in their database using form fields.
My question is, if another user comes along after somebody has been logged in, and presses the back button or forward button on the browser and gets past the login page to see the administration page, how can I stop this?
Could anyone tell me how I can stop this from happening? I'd like to use sessions but I'm not sure how to go about it.
Thanks
Rui
Andrew Shafer
Ranch Hand

Joined: Jan 19, 2001
Posts: 338

Make the admin page and every action on the admin page check to see if the session is valid and active.
If it isn't, redirect to a login or not authorized page. Then encourage people to log out and set a reasonable timeout for the sessions.
If someone leaves a valid session and another person comes on the machine, there isn't much you can do. It's like I signed onto my account and then left it there for you. Maybe when the new retinalscan/fingerprint API comes out.


!_I_Know_Kung_Fu_!
Rui Ferns
Greenhorn

Joined: May 06, 2001
Posts: 24
Hi,
Thanks for the help.
I got it working.
I'm not sure what the session time out is. I haven't set it yet.
What is the default session time out?
And how do you set it?
Thanks again
rui
Andrew Shafer
Ranch Hand

Joined: Jan 19, 2001
Posts: 338

There is a default timeout that is set in the server configuration or you can set it with a session method, can't remember what it is exactly off the top of my head.
Something like session.setMaxInterval()
Shouldn't be too hard to find.
maha anna
Ranch Hand

Joined: Jan 31, 2000
Posts: 1467
It is
public void setMaxInactiveInterval(int interval)
Please check the online servlet API at http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html#setMaxInactiveInterval(int)

There is another way to configure the session timeout through web.xml. But the final word is from the session.setInactiveInterval(int t) API inside your servlet code. In other words, if you set BOTH in web.xml and inside your servlet code using the above API, only the API's value is taken into account.
Please check this discussion on how to configure through web.xml
http://www.javaranch.com/ubb/Forum7/HTML/003140.html
regds
maha anna

[This message has been edited by maha anna (edited May 11, 2001).]
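
As an added example (not code from any poster in this thread), one way to apply the advice above: a servlet Filter that checks the session on every admin request, plus login/logout helpers that set the timeout with setMaxInactiveInterval. It assumes a container that supports javax.servlet.Filter (Servlet 2.3 or later); the `/admin/*` mapping, the `/login` URL, the `authUser` attribute name and the 15-minute value are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: guards every request mapped to it (assumed mapping: /admin/*).
public class AdminSessionFilter implements Filter {
    static final String USER_ATTR = "authUser";       // hypothetical attribute name
    static final int IDLE_TIMEOUT_SECONDS = 15 * 60;  // constructed value, in seconds

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false) never creates a session, so an expired or
        // logged-out visitor yields null here instead of a fresh empty session.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendRedirect(req.getContextPath() + "/login"); // assumed login URL
            return;
        }
        // Keep the browser from redisplaying admin pages from its cache
        // when Back/Forward is pressed after logout or timeout.
        res.setHeader("Cache-Control", "no-store");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);
        chain.doFilter(rq, rs);
    }

    // Call from the login servlet after the credentials have been verified.
    static void onLoginSuccess(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();         // drop any pre-login session
        HttpSession session = req.getSession(true);
        session.setAttribute(USER_ATTR, username);
        // Seconds, for this session only; web.xml <session-timeout> is in minutes.
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
    }

    // Call from the logout servlet.
    static void onLogout(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session != null) session.invalidate();
    }
}
```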
howard
Greenhorn

Joined: May 08, 2001
Posts: 2
I used setMaxInterval(int) in my servlet. I clicked on one dropdown menu and it (javascript) brings me to a different result page of the same servlet. But only a very short time later, the original session is timed out, although I set it as 5000, which is supposed to be 5000 seconds. Has anyone had a similar experience? What is wrong here? Thanks.
 