• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent user copy and paste url?

 
Guy Belpa
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

helo ,

i'm developing a web-based system for data-entry.

they will give logins(user name+password) for registerd dealers.

so dealers will logged to the system and giv it to employees to enter data.

i developed this, when user logged in i maintain a session file.

every time a page load it check weather session file exits or not..

but problem is a employee can copy URL and mail it somebody outside.

so they can paste it in web browser and logged-in...

how can i avoid this ??

(sample url
http://www.example.com/main.jsp?sessionID=1235021871580

Thanks.
 
Rusty Shackleford
Ranch Hand
Posts: 490
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How are you going to stop someone from writing it down? Trying to prevent the end user from copying and pasting a URL does nothing.

You are going at this in the wrong direction. Use steps to avoid session hijacking. Don't put log-in information directly in the URL(ie don't use get). Make sure you properly use encryption to protect data and to authorize the end user. Make sure sessions close after 10 minutes or so of inactivity.

 
Guy Belpa
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rusty Shackleford wrote: Use steps to avoid session hijacking. Don't put log-in information directly in the URL(ie don't use get). ... Make sure sessions close after 10 minutes or so of inactivity.



Thank you for your reply. that what i was asking... tell me how to do that?
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic