You shouldn't use application-level security like that - get the container
to authenticate users.

Then, if you really want to force the back button to not work, force no
caching on the pages in question. See the list archives for details if you
don't know how to do this.


>From: Ruaidhrí Fernandes <[EMAIL PROTECTED]>
>Reply-To: A mailing list about Java Server Pages specification and
>     reference <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Login Page Problem???
>Date: Fri, 11 May 2001 06:27:20 -0700
>
>Hi,
>ok, so on my main login page, if the user has a valid
>username and password, then I create a session and
>store his username in the session and on my log out
>page I remove this from the session. But what check
>should I perform on pages to see if the user has
>logged in or not? Like after a user logs out using the
>log out page and then hits the back button, they should
>not be allowed to see the previous pages because they
>have logged out. How can I check this?
>thanks
>Rui
>--- Patrick Pierra <[EMAIL PROTECTED]>
>wrote:
> > I'm not sure, but I have operated like that for my
> > application. You have to
> > create a logout link. When the user clicks on it, the
> > user object stored in
> > session is removed.
> >
> > <%@ page import="lds.gui.user.User" %>
> >
> > <%
> >      // Remove the logged-in user object from the session on logout.
> >      User tUser = (User) session.getAttribute("user");
> >      if (tUser != null)
> >          session.removeAttribute("user");
> > %>
> >
> > <jsp:forward page="index.jsp"/>
> >
> > Patrick PIERRA
> >
> >
> >
> > Ruaidhrí Fernandes <ruaidhri_fernandes@YAHOO.COM>
> > Sent by: A mailing list about Java Server Pages specification and
> > reference <[EMAIL PROTECTED]UN.COM>
> > 05/11/01 02:40 PM
> > Please respond to A mailing list about Java Server Pages
> > specification and reference
> >
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject: Login Page Problem???
> >
> >
> >
> >
> >
> >
> > Hi,
> > I have a login page that lets a user enter his/her
> > username and password. If valid it takes them to a
> > page where they can administer a table in their
> > database using form fields.
> > My question is, if another user comes along after
> > somebody has been logged in, and presses the back
> > button or forward button on the browser and gets
> > past the login page to see the administration page,
> > how can I stop this?
> > Could anyone tell me how I can stop this from
> > happening? I'd like to use sessions but I'm not sure
> > on how to go about it.
> > Thanks
> > Rui
> >
> > =====
> > "If a rabbit's foot is so lucky,..... what happened
> > to the rabbit?"
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Auctions - buy the things you want at great
> > prices
> > http://auctions.yahoo.com/
> >
> >
>===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with
> > body: "signoff
> > JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body:
> > "set JSP-INTEREST
> > DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >
> >
>http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> >
>
>
>=====
>"If a rabbit's foot is so lucky,..... what happened to the rabbit?"
>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
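
An added example, not part of the original thread: one way to combine the two suggestions in the reply at the top (container authentication plus no caching) in a servlet filter. The class name `NoCacheAuthFilter` and the `/admin/*` URL pattern are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example. Map this filter to the protected URL pattern (assumed here
 * to be /admin/*) and protect the same pattern in web.xml with a
 * <security-constraint> plus <login-config> (FORM or BASIC), so the container
 * authenticates the user before any page in that area runs.
 */
public class NoCacheAuthFilter implements Filter {

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Tell browsers and proxies not to store the page, so pressing Back
        // after logout causes a fresh request instead of showing a cached copy.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // for HTTP/1.0 clients
        response.setDateHeader("Expires", 0);

        // Defence in depth: the container sets the remote user only after a
        // successful login. If the constraint mapping is missing, fail closed.
        if (request.getRemoteUser() == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

With container authentication, the logout page should call `session.invalidate()` so the whole session is discarded, and the fresh request forced by the no-cache headers is then sent back to the login form by the container.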
