Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Any Suggestion?

 
Chris Goh
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all!
I'm relatively new to JSP and I'm having some doubts doing a login page using jsp.
Say, after a user enters his username and password, the username is used to retrive a password from the database. This password is then compared with the one he enters and if it matches will let the user access *some secret pages*. How can i prevent ppl from accessing the *secret pages* by directly typing the URL in their browsers.

The Greenest Of Horns
 
Rehan Malik
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Add the following code to top of "secret pages":
<%
if(session.isNew())
{
response.sendRedirect("http://www.errors.com");
}
%>
[This message has been edited by Rehan Malik (edited August 24, 2001).]
 
Subbu Aswathanarayan
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
after the user successfully logs on, put an object (probably containing his user id) in to the session.in all ur "secret pages" try to retrieve this object from the session.if u cant, redirect the user to an error page.
hope this helps.
Subbu
 
Chris Goh
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks!!!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic