Hi,Im makin a web based application.For users to access it they need to login.
I m using java,jsp,html for this.I wish to know how can i prevent access to the pages of application without logging in i.e. if user types in URL of some page of application in the address bar he should be redirected to login page and only if login is correct should he be allowed to access the pages in application.Thx.

I don't know if there are better ways to do it but here is my suggestion. When the user logs in take the username and when the user goes to another page, send the username with the other data as hidden:
<input type="hidden" value="<%= username%>" name="username">
When you get to the other page take the username and check if it is null or not.
If someone who hasn't logged in tries to view a page, the username will be null and you will redirect him to the login page.
Moreover when a user wants to log out you can set the username to be null and send it with the request to whatever page you want to send it.

i am looking for a similar solution..
i have an html page which contains login and password fields
now i validate the username and password using jsp. that is, i use scriptlet tag in it and write jdbc code and verify the entered login id and password with already stored values in database.
now my problem,
i want registered users to access a particular webpage and admins another webpage. how can i do that?
and moreover though normals users(registeres and unregistered) type the url of an admin page, they should be redirected to login page..
how can i do that?

am I making things complicated??

Start your own thread, and
In the database, where you store the usernames and passwords you can have an additional column that indicates if the user is admin or not.
When you login get that info along with the username and password. If the user logged in successful, use the info that was read from the extra column to decide where to redirect.
Also save in the session if the user logged in is an admin or not to check that whenever you go to to other pages

If you are going to save session info in the HTML you should also set a timestamp and check for expiry. Otherwize someone could log in, then save a favourite. That favourite would then work weeks later without another login.

thanks javaAddict!!!
thank u so much..
@JamesCherill
thanks for replying to my thread..
i am using cookies instead of sessions. even in this case can anyone set as favourite ?
if yes, how to use that time stamp in jsp cookies. please let me know..

I think you have exactly te same problem with cookies, except that they have an expiry mechanism built in. Sorry, I don't know how to set it via jsp.

the values of cookies get lost once browser is closed. i dont know what happens if the page is saved as favourite....

thanks again for replying to my posts...

the values of cookies get lost once browser is closed..

This is a browser option - keep until expired / keep until end of session / ask me (in Firefox). Keep until expired is, I believe, the default.

IE8's FAQs state

Persistent cookies (or saved cookies) remain on your computer after you close Internet Explorer. Websites use them to store information, such as your sign-in name and password, so that you don't have to sign in each time you go to a particular site. Persistent cookies can remain on your computer for days, months, or even years.

thanks again.
I understand,
i am not a professional. i am just a student. the text book says that way( only till browser is open)

so, now how exactly should I overcome this problem?
i'll try the setmaxage as JavaAddict said,
any other solution is also welcome..

i meant. since the text book says that way, i thought thats true.
but your information also seems correct..

That's OK. We're all here to learn. When you stop learning new things your life is over...
ps. Textbooks are OK, but by the time they've been written, edited, typeset, printed, send to the shop, put on a shelf & sold, they're out of date. Good for general principles and theory, but useless for current software details.

well,
i am doing this for my project. ofcourse it is not going to be implemented anywhere . lol. so i think i'll leave about favourites.
but hoping project evaluator is not as intelligent as JamesCherill
and so wont ask this question during evaluation. :) :)
(no offence)
Now, I have another question..
i have an html page with a hyperlink. when i click on it. it should move on to other html page and display the records of a database in that second html page.

so i'll write a jsp (writing jdbc code in it)to retrieve the records and now since i redirect to a second html page. how do i make the records displayed on the redirected page?

is my question clear or am I making it complicated?

well,
i am doing this for my project. ofcourse it is not going to be implemented anywhere . lol. so i think i'll leave about favourites.
but hoping project evaluator is not as intelligent as JamesCherill
and so wont ask this question during evaluation. :) :)
(no offence)
Now, I have another question..
i have an html page with a hyperlink. when i click on it. it should move on to other html page and display the records of a database in that second html page.

so i'll write a jsp (writing jdbc code in it)to retrieve the records and now since i redirect to a second html page. how do i make the records displayed on the redirected page?

is my question clear or am I making it complicated?

when ever redirect is used all the request attribute are lost so we have to use either cookies or session.but there is alway a risk associated with cookies as it depends upon browser settings.so it will be better to use session object.
use a servlet between two pages
pass primary key(key on which you have to retrieve data from database) on hyperlink as parameter.
simply make database connection here and get all the data which you have to display.now you have a resultset at this servlet having required data.set this resultset in
request(you may also use java bean having setters and getters) and then forword it
to 2nd jsp.now by using scriplet you may get resultset and display data.

<a href="middleservlet?primarykey=key "></a>

if(request.getParameter("primarykey")!=null){					    
						     
 String key=(String)request.getParameter("key");
   }

create database connection....., get data on 'key'.set in request and forword to 2nd jsp

well, thanks RanVijay for answering.
but my doubt is not cleared. I dont understand the need for a second jsp page. and i cant understand how to write on to a redirected page.
anyway, as per request of others i've created a new thread. so anyone who knows the solution please answer there.
the link for the newthread is
http://www.daniweb.com/forums/post891775.html#post891775

This article has been dead for over six months. Start a new discussion instead.