Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

How to prevent users from bypassing the flow of the pages?

Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Let's say I have 3 jsp pages

the person keys in the parameters for page1.jsp

page2.jsp authenticates whether the person is allowed to get data from database, if not it will throw exception message displayed in error page.

page3.jsp will then display the data in database.

Note: no servlet is used, authentication server code is on page2.jsp, there is some server code (if else ), but with functions imported from class.

Currently, it is using a session previous url to prevent from bypassing the flow of pages
This means when a user is at page1.jsp (Session data: previousurl='page1.jsp')
and is trying to access page3.jsp, there will be an error message.

However, I am not very sure session data can be easily manipulated, which might cause some security issues.

One suggestion is servlet with filters, but I am not able to find some examples on the web for preventing bypassing of pages.
straws are for suckers. tiny ads are for attractive people.
We need your help - Coderanch server fundraiser
    Bookmark Topic Watch Topic
  • New Topic