Login Page Problem????

 
Greenhorn
Posts: 24
Hi,
I have a login page that lets a user enter his/her username and password. If valid it takes them to a page where they can administer a table in their database using form fields.
My question is: if another user comes along after somebody has been logged in, and presses the back button or forward button on the browser and gets past the login page to see the administration page, how can I stop this?
Could anyone tell me how I can stop this from happening? I'd like to use sessions but I'm not sure how to go about it.
Thanks
Rui
 
Ranch Hand
Posts: 338

Make the admin page and every action on the admin page check to see if the session is valid and active.
If it isn't, redirect to a login or not authorized page. Then encourage people to log out and set a reasonable timeout for the sessions.
If someone leaves a valid session and another person comes on the machine, there isn't much you can do. It's like I signed onto my account and then left it there for you. Maybe when the new retinalscan/fingerprint API comes out.
 
Rui Ferns
Greenhorn
Posts: 24
Hi,
Thanks for the help.
I got it working.
I'm not sure what the session time out is. I haven't set it yet.
What is the default session time out?
And how do you set it?
Thanks again
rui
 
Andrew Shafer
Ranch Hand
Posts: 338

There is a default timeout that is set in the server configuration, or you can set it with a session method; I can't remember what it is exactly off the top of my head.
Something like session.setMaxInterval()
Shouldn't be too hard to find.
 
Ranch Hand
Posts: 1467
It is
public void setMaxInactiveInterval(int interval)
Please check the online servlet API at http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html#setMaxInactiveInterval(int)

There is another way to configure the session timeout, through web.xml. But the final word is from the session.setInactiveIntervel(int t) API inside your servlet code. In other words, if you set BOTH in web.xml and inside your servlet code using the above API, only the API's value is taken into account.
Please check this discussion on how to configure through web.xml
http://www.javaranch.com/ubb/Forum7/HTML/003140.html
regds
maha anna

[This message has been edited by maha anna (edited May 11, 2001).]
 
Greenhorn
Posts: 2
I used setMaxInterval(int) in my servlet. I clicked on one dropdown menu and it (JavaScript) brings me to a different result page of the same servlet. But only a very short time later, the original session is timed out, although I set it to 5000, which is supposed to be 5000 seconds. Has anyone had a similar experience? What is wrong here? Thanks.