In welcom.jsp, first check for 'username' in the session. If there's none,
then redirect the user to login page.

You can store this 'username' into the session (HttpSession) from the login
page (login1.jsp).

So, if someone directly tries to enter
http://localhost:8080/examples/jsp/welcom.jsp , the session wont have
'username' in it, and the user will be forced back to the login page.

Dont send the username to the second page as a form element (either hidden
field, or directly), because that behaviour can be easily duplicated by a
hacker.

Let me know if you have any more questions.

Ravi
Developer & Publisher
http://BabyNamesIndia.com








At 09:13 AM 2/5/01 -0800, you wrote:
>I remember someone posted Login-related question recently. I have a newbie
>question on this.
>
>In my web application, I have login1.jsp which calls login2.jsp to handle
>the actual login process.  I use JDBC-ODBC-Oracle to handle the database
>connection. If  successfully logged in, the user will be "forwarded" to a
>welcome.jsp.
>
>I am wondering how could I secure welcome.jsp so that a user can ONLY access
>welcome.jsp by a successful login?  I mean a user could just type in
>http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.
>
>Someone has metioned the secured page. Could someone explain? Where can I
>get the information or code example?
>
>Thanks a lot,
>
>Roland
>
>===========================================================================
>To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
>JSP-INTEREST".
>For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
>Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to