0

I am working on a web app where user will login and after login it will be redirected to a page to fill some manadtory details.After filling those details user will be redirected to main app page and user can work normally.

My problem is that if after login user changes the url directly than it allows user to bypass the details filling page and go to main app page.

How can I prevent user to change the url and force him to fill the details first?

Below is the flow

Login Page --> Details Filling -->Home page

P G
  • 878
  • 1
  • 9
  • 15
  • 1
    check for the presence of a session variable – Scary Wombat Apr 18 '18 at 04:16
  • you need to restrict other urls and open Details Filling url and login url only so that when user try to change the url directly it will redirect to the same page – Abhijeet Gulve Apr 18 '18 at 04:16
  • @AbhijeetGulve how can i restrict all other urls.? After filling the details user should be able to navigate to other pages as normal and can change url directly, but all this should happen after user fills the details – P G Apr 18 '18 at 04:20
  • @ScaryWombat Should I use filter for each jsp page and check the session variable in that filter? – P G Apr 18 '18 at 04:21
  • 1
    Yes, this sounds like a good idea. The idea is that users should not navigate to JSP, then should navigate to servlets and the servlets should redirect to the jsp. So the filter will not be for **each** JSP but for all URL see http://www.oracle.com/technetwork/java/filters-137243.html – Scary Wombat Apr 18 '18 at 04:23
  • when you are storing details that time you can validate details and open the other urls – Abhijeet Gulve Apr 18 '18 at 04:26
  • @ScaryWombat Yes. Thanks for the correction. Also, Will there be any performance impact if the filter is executed for each url? – P G Apr 18 '18 at 04:28
  • *Will there be any performance impact if the filter is executed for each url?* with minimal `session` variable checking, maybe a couple of ms – Scary Wombat Apr 18 '18 at 04:29

0 Answers0