This week's book giveaway is in the Agile and other Processes forum. We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line! See this thread for details.
Hi all! I'm relatively new to JSP and I'm having some doubts doing a login page using jsp. Say, after a user enters his username and password, the username is used to retrive a password from the database. This password is then compared with the one he enters and if it matches will let the user access *some secret pages*. How can i prevent ppl from accessing the *secret pages* by directly typing the URL in their browsers.
The Greenest Of Horns
Rehan Malik
Ranch Hand
Joined: Jul 09, 2001
Posts: 76
posted
0
Add the following code to top of "secret pages": <% if(session.isNew()) { response.sendRedirect("http://www.errors.com"); } %> [This message has been edited by Rehan Malik (edited August 24, 2001).]
Rehan Malik
Subbu Aswathanarayan
Ranch Hand
Joined: Jun 22, 2001
Posts: 73
posted
0
hi, after the user successfully logs on, put an object (probably containing his user id) in to the session.in all ur "secret pages" try to retrieve this object from the session.if u cant, redirect the user to an error page. hope this helps. Subbu
0
