This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session code doesn't get executed in jsp

 
Jigar Naik
Ranch Hand
Posts: 762
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi have 5 jsp

my first login.jsp which contans 2 fields userid and password and a login button on submit of the login auth.jsp will get called which check for the username and password if the username and password is correct it will execute the following code



and if everything is allrite than it will redirect to home.jsp

my home.jsp



my home1.jsp



same as home2.jsp and so on...

But when i go directly to home.jsp or home2.jsp using address bar of my browser it is not checking for session

and also in my console there is no output for following line...which is in mu home.jsp,home1.jsp and home2.jsp



is there any perticuler reason for this behaviour ??? If i'm using the wrong technique what is the right technique to prevent user from accessing internal pages without going through login page ???

thanks in advance
[ February 28, 2007: Message edited by: Jigar Naik ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jigar Naik:
If i'm using the wrong technique what is the right technique to prevent user from accessing internal pages without going through login page ?


Filters.
 
Jigar Naik
Ranch Hand
Posts: 762
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A search will turn up lots of good resources. But the premise is pretty simple: a filter that is invoked for all protected resources determines if an authentication token is present on the session. If so, the filter allows the requested resource to proceeed. If not, it forwards or redirects to a login page.

Upon successful login, the token is placed on the session. Upon logout it is removed. A session timout automatically emulates a logout.

One of the great benefits is that you don't need to put any goo on the pages themselves.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic