• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Login process

 
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I m currently working on a module in which we have to restrict user to change password when the password has expired.

I have done all the things.... suppose the password expired and user type his user name and password, the first page will open where the user must have to change password.. There is no any provision to go on another page without changing password Only user can log out from here.

But the problem is that the user can go from this page (where the user must have to change password) by writing the url address on the URL Address Bar without changing password.

What is the solution?
Please reply soon if possible.
Bye.
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
I don't know whether your page is JSP or not.
If it is JSP, you can wirte a FLAG in session, for expample:
request.getSession().setAttribute("expired","true");
as soon as the user has changed his(or her) expired password,
you can change the FLAG.
You should check the flag in every page, if the password is not expired,
go to the page the user requested, or else go to the page where the user have to change his(or her) password.

Regards
 
author
Posts: 14112
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can the user also access those pages by typing the URL into the browser without being logged in?
 
Justin Yao
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I don't think user can access the page by typing a URL into browser without being logged in.
Evey function of the system should check whether a user has logged in. We can set the user infomation into the session, then check whether the infomation is there!

Regards
 
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want to make sure the user can't type in the URL to get to a protected page, put them all inside the WEB-INF directory somewhere and use a controller servlet to forward requests to them.
That way the client never gets a URL to the pages, in fact there is no such URL.
And the controller can reject any request that doesn't have the right credentials.
 
Rancher
Posts: 43026
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Jeroen is right on the money. Users should not access JSPs directly. Read this article by JavaRanchs Bear Bibeault on how to design a web app that avoids this.
 
I didn't like the taste of tongue and it didn't like the taste of me. I will now try this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic