How to end session in my code?

 
Greenhorn
Posts: 12
Hi Guys,

I am a newbie in Java Servlets. I started working on a Login/Logout application. My problem is that when I successfully log in, it goes to the welcome page; when I then log out and press the Back button in the browser, it goes back to the welcome page, which it shouldn't.

How to fix this?


Please I need help.

Here's my code:
-Login.java


-Logout


-Validate


-Welcome


-index.html


-web.xml


Thanks Guys,
 
Sheriff
Posts: 6871
Your code doesn't use sessions. It simply dispatches to a page if the credentials are correct. The correct way would be this:

1. Check if username/password are correct.
2. Create a session.
3. Add a User object as a session attribute.
4. Redirect user to your protected page.

5. Requests to the protected page should be intercepted by a filter or a front controller, where you can deny dispatching to the protected template if the expected session attribute is not found.
6. To log out, call session.invalidate() or remove the session attribute.

To further protect your page against the Back button, add cache control headers to the pages you want to protect.

Read these articles: NoCacheHeaders and PostRedirectGet.
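
The six steps and the cache-control advice in the reply above, as an added example that is not code from the thread. It assumes the `javax.servlet` API, a session attribute named `user`, a protected URL `/welcome` and `/index.html` as the login page; `Sessions.start` and `Sessions.end` are hypothetical helpers to be called from your own login and logout servlets.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed names: session attribute "user", protected URL /welcome,
// login page /index.html. Map AuthFilter to the protected URLs in web.xml.
public class AuthFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    // Step 5: runs before every request to a protected URL.
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // No cached copy is kept, so Back re-requests the page and hits this filter again.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);
        HttpSession session = req.getSession(false); // false: never create a session here
        if (session == null || session.getAttribute("user") == null) {
            res.sendRedirect(req.getContextPath() + "/index.html");
            return; // do not dispatch to the protected page
        }
        chain.doFilter(req, res);
    }
}

// Hypothetical helpers, called from the login and logout servlets.
class Sessions {
    // Steps 2-4: call only after the username/password check has succeeded.
    static void start(HttpServletRequest req, HttpServletResponse res, Object user)
            throws IOException {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate(); // fresh session ID after login
        req.getSession(true).setAttribute("user", user);
        res.sendRedirect(req.getContextPath() + "/welcome");
    }

    // Step 6: destroy the server-side session, then send the user to the login page.
    static void end(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        HttpSession session = req.getSession(false);
        if (session != null) session.invalidate();
        res.sendRedirect(req.getContextPath() + "/index.html");
    }
}
```

After `Sessions.end`, a Back-button request for `/welcome` reaches the filter with no `user` attribute and is redirected to the login page.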

 
Ranch Hand
Posts: 30
Hi Lester Carmelotes,

To be honest, I did not take a look at your code. Nevertheless, based on your problem description, I would suggest you take a look at http://answers.google.com/answers/threadview/id/574062.html

You do not need to do anything in your servlet, but in the JSP just add the following code.



Hope you know where to add the code in your JSP?
 
Sheriff
Posts: 67595
That's a hack that provides no security whatsoever. Script in the browser is easy to defeat. The answer is to properly use sessions, and to make sure that the headers are set so as not to cache the pages.
 
Lester Carmelotes
Greenhorn
Posts: 12
Thanks for the reply, guys. Very much appreciated.

I have found this code:



My problem is how can I change this code:



to this code:



I tried this one but it didn't work. Sorry guys, I am a newbie and still learning Java Servlets.



Any suggestion?

thanks guys!
 
Greenhorn
Posts: 10
I don't think that the code for fetching user details from a database should be written in the init() method. The init method is called only once in the servlet life cycle, and if the user details, such as the password, are updated from the backend using a query or from an update form, then the users Map object will always contain old user information, i.e. the old password.

So it's better to write your code for fetching user details from a database in an execute method.
 
Greenhorn
Posts: 8
The problem which you are getting is called the double posting problem.
There are many approaches in the coding world; one approach is below.

Using a server-side and client-side key that changes with each post. It works like this:
Generate a unique (random) key on the server and place it in the session and also in a hidden field.
When the user posts back the first time, compare the key in the hidden field to the key in the session, and, if they match, accept the input and then change or remove the key from the session and update the hidden field as well.
If the user manages to click submit twice, the second post will fail because the hidden field in the HTML will no longer match the session variable until the page has been refreshed.

Also, the code which you posted is not the standard way of doing this authentication.
Please follow what Devaka Cooray has suggested in his post.
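
The one-time key scheme described in the post above, as an added example that is not code from the thread. It assumes the `javax.servlet` API; the servlet name, the `formKey` attribute and field name, and the `/done` page are made up for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.*;

// Added example. Assumed names: session attribute and hidden field "formKey", /done page.
public class OneTimeFormServlet extends HttpServlet {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String KEY = "formKey";

    // Render the form: a fresh random key goes into the session and a hidden field.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        req.getSession().setAttribute(KEY, key);
        res.setContentType("text/html");
        res.getWriter().println("<form method=\"post\">"
                + "<input type=\"hidden\" name=\"" + KEY + "\" value=\"" + key + "\">"
                + "<input type=\"submit\" value=\"Submit\"></form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        String sent = req.getParameter(KEY);
        HttpSession session = req.getSession(false);
        String expected = null;
        if (session != null) {
            // Read and remove together so a second, near-simultaneous post finds nothing.
            // Best effort: containers need not return the same HttpSession object each time.
            synchronized (session) {
                expected = (String) session.getAttribute(KEY);
                session.removeAttribute(KEY);
            }
        }
        if (sent == null || expected == null || !MessageDigest.isEqual(
                sent.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8))) {
            res.sendError(HttpServletResponse.SC_CONFLICT, "Form already submitted or expired");
            return;
        }
        // ... process the submission exactly once here ...
        res.sendRedirect(req.getContextPath() + "/done"); // Post/Redirect/Get
    }
}
```

A repeated submit, or a resubmit after Back, carries a key that is no longer in the session and gets the 409 response; reloading the form with GET issues a new key.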
 