I am developing a college project and I will try to explain my problem using a small example. Below there are 3 JSP pages (index.jsp, test.jsp, logged.jsp), and I want that if the user tries to access logged.jsp directly by entering the URL http://localhost:8080/sessionTest/logged.jsp, then he will be redirected to index.jsp.

index.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <form action ="test.jsp" method="post">
            enter user id :<input type="text" name="user">
            Enter password:<input type="password" name="pass">
            <input type="submit" value="submit">
        </form>
    </body>
</html>

test.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <%
     String user= request.getParameter("user");
     String pass= request.getParameter("pass");
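     // Constant-first equals: a request without these parameters (for example a
     // direct GET of test.jsp) falls through to the else branch instead of throwing.
     if("snow".equals(user) && "123".equals(pass))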
     {
         session.setAttribute("user", user);
         RequestDispatcher r = request.getRequestDispatcher("logged.jsp");
         r.forward(request, response);
     }
     else {
         out.println("wrong pass or id");
     }
             %>
    </body>
</html>

logged.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <% session = request.getSession(false);
           if(session==null)
           {
               response.sendRedirect("index.jsp");
           }
           else{
               out.println("welcome its old session");
           }
        %>
    </body>
</html>

Please help me with some code and explain how it works.

BlindCoder
  • Wrong approach. You need to check the session for a session attribute like userid to check if the user is logged in, and need to do this in every page, and in every page redirect to the login screen if that condition is not met. You could either do this by putting this code at the top of every page, or by using a servlet filter. But if you only check in the login page and not the index and other pages that you want secured, someone can just go directly to index.jsp and bypass your supposed security. – developerwjk Aug 23 '17 at 22:26
  • Can you explain this with some code, @developerwjk? – BlindCoder Aug 24 '17 at 13:37
  • Actually, a lot like Maulik Bhatt's answer below, except in reverse. At the beginning of each page that should be secured: `if(session.getAttribute("username")==null) { response.sendRedirect("login_form.jsp"); return; }` so that if the user is not logged in they are redirected to the login form. – developerwjk Sep 12 '17 at 21:16

1 Answer

Try this one, maybe it helps you:

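<%
// "session" is already an implicit object in a JSP; declaring it again does not compile.
// The attribute name must match the one stored at login.
if (null != session.getAttribute("username")) {
    out.write("username is " + session.getAttribute("username").toString());
} else {
    // Prefix the context path so the redirect stays inside the application.
    response.sendRedirect(request.getContextPath() + "/index.jsp");
    return; // stop rendering the rest of the page
}
%>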
Maulik