Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Checking a href value in servlet  RSS feed

 
Manish Sahni
Ranch Hand
Posts: 41
Java Netscape Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

i have a JSP that has an a href tag :



and in My javascript i am encoding the ID and then submitting the form :-

'



In Servlet, i am getting the ID value as :

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now , my problem is whenever i am hitting the direct link within the servlets using the encoded id that i had passed within the javascript , then the request is again processed.

I need to stop the request from processing if user copies the encoded id and hit the servlet directly .

Example Scenario :-

Suppose id encoded in the javascript and the URL formed is :

http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573== (encoded).

URL formed and submitted via javacript onclicking a link

In controller :-

Id decoded and form processed.

Problem :- Need to stop if the user copies the URL and directly hits from the brower without clicking the link

example :-
http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573==

How can i stop that and determine whether the a href is clicked or user is directly hitting the url.

Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65828
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't. From the point of view of the server, the requests are identical.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not only can you not tell them apart, but its very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
 
Manish Sahni
Ranch Hand
Posts: 41
Java Netscape Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks everyone..

Me too was thinking that the request will be the same for the server for that session..


 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!