I did as follows:
On every page which must be authenticated, I check for a user ID in the
session object - if it doesn't exist, I do a redirect to a login page,
passing the URL the user was trying to access as a parameter.

On the login page, if the user successfully logs in, I create a session for
him/her, and add the user ID to the session. I then redirect back to the
original page the user tried to access. This way, even if the user bookmarks
a page, he/she will be asked to log in once the session has become invalid.

Some code:
On every page I add the following:

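    HttpSession session = request.getSession(true);
    if (session.getValue("CustomerID") == null) {
        // No user ID in the session: redirect to the login page, passing
        // the page the user was trying to reach as the Origin parameter.
        response.sendRedirect(
            response.encodeRedirectUrl("Login.jsp?Origin=SharePortfolio.jsp"));
    }
    else {
        // the rest of the page ...
    }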

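In Login.jsp once the user has provided the correct logon credentials:

    // Record the authenticated user in the session, then redirect to the
    // page named in the Origin request parameter.
    session.putValue("CustomerID", CustomerID);
    response.sendRedirect(
        response.encodeRedirectUrl(request.getParameter("Origin")));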


-----Original Message-----
From: Andrey Sazonov <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, March 26, 1999 6:42 PM
Subject: How to force user to login


>Hi all!
>
>I have the following design problem and I hope anybody can help me. I need to
>develop web-based access to the database. Every user who tries to work with
>this system needs to log in before real access to the database. It works fine
>with the session tracking mechanism (access to the database is provided by a
>set of appropriate servlets and beans).
>But a problem occurs when the user has bookmarked some page and then tries to
>come directly to the bookmarked page.
>Does anybody know how to prevent this and show the login page instead of the
>bookmarked one?
>
>I think this could be implemented by processing all requests to the whole site
>with one servlet, which will further dispatch all requests, but I'm afraid
>this could add an additional bottleneck to the system.
>
>---------------------------
>Sincerely
>Andrey Sazonov
>([EMAIL PROTECTED])
>
>===========================================================================
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff JSP-INTEREST".  For general help, send email to
>[EMAIL PROTECTED] and include in the body of the message "help".
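
The Login.jsp snippet in the reply above redirects to whatever the Origin request parameter contains, so that value needs checking before it reaches sendRedirect. The following is an added example, not code from the original post: the class OriginCheck, the method safeOrigin and the fallback page index.jsp are assumptions, and the check accepts only page names relative to the application, such as SharePortfolio.jsp.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class OriginCheck {
    // Assumed fallback page; the original post does not name one.
    static final String DEFAULT_PAGE = "index.jsp";

    // Returns origin when it is a page name relative to the application
    // (for example "SharePortfolio.jsp"), otherwise DEFAULT_PAGE.
    static String safeOrigin(String origin) {
        if (origin == null || origin.isEmpty()) {
            return DEFAULT_PAGE;
        }
        for (int i = 0; i < origin.length(); i++) {
            char c = origin.charAt(i);
            // Control characters could split the Location header; browsers
            // treat a backslash like a forward slash.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return DEFAULT_PAGE;
            }
        }
        try {
            URI uri = new URI(origin);
            // A scheme ("http:", "javascript:") or an authority ("//host")
            // would take the browser off this site.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_PAGE;
            }
            String path = uri.getRawPath();
            // Only page names relative to the application are expected here.
            if (path == null || path.isEmpty() || path.startsWith("/")) {
                return DEFAULT_PAGE;
            }
            return origin;
        } catch (URISyntaxException e) {
            return DEFAULT_PAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the Origin parameter.
        String[] samples = { "SharePortfolio.jsp", "SharePortfolio.jsp?id=7",
            "http://other.example/", "//other.example/x", "/\\other.example",
            "javascript:alert(1)", "Share\r\nSet-Cookie: a=b", "" };
        for (String s : samples) {
            String shown = s.replace("\r", "\\r").replace("\n", "\\n");
            System.out.println("[" + shown + "] -> " + safeOrigin(s));
        }
    }
}
```

In Login.jsp the value passed to response.encodeRedirectUrl would then be OriginCheck.safeOrigin(request.getParameter("Origin")) rather than the raw parameter.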
