• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Setting session to true and then invalidating

 
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am still having the problem with the user using the back button and then hitting REFRESH and being able to get back to a secure page once they have logged out. I am thinking that the only solution now is to properly validate when the user logs on and then properly invalidate when the user logs out or leaves the page.
Could someone please give me some instruction on how to use the validate and invalidate and where I should use them? I have a login.jsp where the user inputs their username and password and I also have a secure.jsp which is where the validation of username and password is done and if logged in correctly they stay on this page....if not they are forwarded to another page.
Thank you!
 
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hai Moined Mogul,
If the user logs in correctly do something like this in your login.jsp
session.setAttribute("LOGIN",new Boolean(true));
When the user logs out
session.removeAttribute("LOGIN");
Now check for the attribute LOGIN in your secure.jsp page
Boolean isLogin=(Boolean)session.getAttribute("LOGIN");
if(isLogin==null)
{
//kick out
}
else
{
//welcome
}
 
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is the complete setup. I've tried this on my side and it works.
// login.jsp
<html>
<body>
<form method="post" action="/servlet/VerifyLogin">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Submit"> <input type="reset" value=" Cancel ">
</form>
</body>
</html>

// VerifyLogin.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class VerifyLogin extends HttpServlet
{
private HttpSession session;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
doPost(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
String username = request.getParameter("username").toString();
String password = request.getParameter("pass").toString();
session = request.getSession();
session.setAttribute("Logged", new Boolean(true));

if(username.equals("Username") &&
password.equals("Password"))
{
response.sendRedirect("/secure.jsp");
}
else
{
response.sendRedirect("/login.jsp");
}
}
}

// secure.jsp
<%
if(session.isNew() | | session.getAttribute("Logged") == null)
{
response.sendRedirect("/login.jsp");
}
%>
<html>
<body>
<a href="logout.jsp">Logout</a>
</body>
</html>
// logout.jsp
<%
session.invalidate();
response.sendRedirect("/login.jsp");
%>
This SHOULD work. If this doesn't work and the user is still able to refresh the "secure.jsp" page after logging out, then I'm not sure what to tell ya.
[This message has been edited by Rehan Malik (edited July 13, 2001).]
 
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I use a static class called LoginUtil that has static methods to check various items regarding login. One of the items is a boolean called isLoggedIn which gets set in a loginBean to true upon successful login.
Then, at the top of all of my jsp's, I use LoginUtil.isLoggedIn() to check if the session is properly logged in. If it's not, I can check other things (like if the session has timed out) and redirect the browser to the login page or an error page, etc. The key is to check the status of isLoggedIn at the top of every jsp. This way, if someone bookmarks a page, the login status is checked and the user is redirected to the appropriate page.

Originally posted by Moined Mogul:
I am still having the problem with the user using the back button and then hitting REFRESH and being able to get back to a secure page once they have logged out. I am thinking that the only solution now is to properly validate when the user logs on and then properly invalidate when the user logs out or leaves the page.
Could someone please give me some instruction on how to use the validate and invalidate and where I should use them? I have a login.jsp where the user inputs their username and password and I also have a secure.jsp which is where the validation of username and password is done and if logged in correctly they stay on this page....if not they are forwarded to another page.
Thank you!


 
It wasn't my idea to go to some crazy nightclub in the middle of nowhere. I just wanted to stay home and cuddle with this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic