Hi all! I'm relatively new to JSP and I'm having some doubts doing a login page using jsp. Say, after a user enters his username and password, the username is used to retrive a password from the database. This password is then compared with the one he enters and if it matches will let the user access *some secret pages*. How can i prevent ppl from accessing the *secret pages* by directly typing the URL in their browsers.
hi, after the user successfully logs on, put an object (probably containing his user id) in to the session.in all ur "secret pages" try to retrieve this object from the session.if u cant, redirect the user to an error page. hope this helps. Subbu