Hi all
IMHO all coming from a user agent (browser) is NOT
reliable as the general session tracking data
except for relatively stable HTML elements. In the
case described and other of sort it would be the best
to remember in the session object or other persistent
object (file?) the track record of ALL session events
so that in every service/doPost/doGet you know exactly
how it come and what has preceded it. The archive has
a lot on this, and here we go again.
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Saifi ,Khan
(CTS)
Sent: Wednesday, February 02, 2000 9:11 PM
To: [EMAIL PROTECTED]
Subject: Re: Entry to WebApp
Hi:
Consider the following scenario
Auth -> A -> B -> C
Now we want that for accessing the page B, the request should have
come only after visiting A.
One solution is to use HTTP_REFERER server variable to find the
the URL from where the request came in.
If others on the mailing list are aware of other approaches, I
would like to learn about them.
Thanks
Saifi.
-----Original Message-----
From: onet-servlets [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 02, 2000 5:03 PM
To: [EMAIL PROTECTED]
Subject: Entry to WebApp
Hello,
How can I ensure exactly one entry to my web application - through an
'authentication page' ?
What should I do to make other pages directly inaccessible ?
Krzysztof
Marcinowicz
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
