Login problem

 
Ranch Hand
Hi Ranchers!!

I am creating a login page in JSP where a user has to give an authorised user name and password; only then can he enter the home page.

Now the problem is that if a user successfully logs in and enters the home page, and then clicks the browser's back button, it goes back to the login page. If, on that page, the user this time does not enter any username or password and clicks the browser's forward button, he is still able to land on the home page. So the question is: is there any way/method in JSP or servlets (other than doing it in JavaScript) through which we can restrict the user's landing on the home page in the latter case?

Thanks in advance !!
[ September 22, 2008: Message edited by: Bear Bibeault ]
 
Bartender
You will want to make sure of two things:

1) You have all the no-cache headers set for every page that should be behind a user login and on the login page so when they press back after a login the user can't see previous data.



2) When you POST the login form it should go to a Servlet that checks the username and password. After the check is successful, the Servlet should use response.sendRedirect() to go to the successful login page. This will prevent the Back-Forward buttons from accessing the form POST and thus prevent unintended logins.

Sometimes I see it suggested that you should also put a token in the login form that the server can use to identify the request and make sure that this sort of thing doesn't happen even if the browser stores the username/password in a manner that the caching above won't fix.

In the form enter a unique value (random number/character sequence, date/time... ) and store it in the session.

Then on the login servlet:
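
The following is an added example, not code from the original post: one way to combine the three measures described above (no-cache headers, redirect after the login POST, and a single-use form token kept in the session), together with a filter that checks the session on every protected page. It assumes the javax.servlet 4.0 API; the class names, the /login and /home URLs, the parameter and session attribute names, and the `authenticate` hook are all hypothetical.

```java
// Added example, not from the thread. Assumes javax.servlet 4.0 and Java 8+.
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoginFlow { // all class, URL, parameter and attribute names are illustrative
    static void noCache(HttpServletResponse resp) {
        resp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        resp.setHeader("Pragma", "no-cache");
        resp.setDateHeader("Expires", 0);
    }
    public abstract static class LoginServlet extends HttpServlet { // map a subclass to /login
        private static final SecureRandom RNG = new SecureRandom();
        protected abstract boolean authenticate(String user, String password); // hypothetical hook
        @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            req.getSession(true).setAttribute("loginToken", token);
            req.setAttribute("loginToken", token); // login.jsp puts it in a hidden field
            noCache(resp);
            req.getRequestDispatcher("/WEB-INF/login.jsp").forward(req, resp);
        }
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            HttpSession session = req.getSession(true);
            String expected = (String) session.getAttribute("loginToken");
            session.removeAttribute("loginToken"); // single use: a replayed POST fails
            String user = req.getParameter("username");
            boolean ok = expected != null && expected.equals(req.getParameter("loginToken"))
                    && authenticate(user, req.getParameter("password"));
            if (ok) session.setAttribute("user", user);
            // Redirect either way so the POST never sits in the back/forward history.
            resp.sendRedirect(req.getContextPath() + (ok ? "/home" : "/login"));
        }
    }
    public static class AuthFilter implements Filter { // map to every protected URL
        @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse resp = (HttpServletResponse) rs;
            noCache(resp);
            HttpSession session = req.getSession(false);
            if (session != null && session.getAttribute("user") != null) chain.doFilter(rq, rs);
            else resp.sendRedirect(req.getContextPath() + "/login");
        }
    }
}
```

Because the home page is only served when the session holds a `user` attribute, pressing Forward from the login form without logging in is redirected back to /login instead of showing a cached page.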
 
mishug Goyal
Ranch Hand
Hi Steve,

I have tried both ways but the problem still persists....
Maybe this is due to some specific session time duration set by the container...

What do you say.....
 
Bartender

Maybe this is due to some specific session time duration set by the container...


The session time is not set by the container. You can specify one in the deployment descriptor.
 
Steve Luke
Bartender

Originally posted by mishug Goyal:
Hi Steve,

I have tried both ways but the problem still persists....
Maybe this is due to some specific session time duration set by the container...

What do you say.....



How do you check if the user is logged in?
 