Servlet security
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   matthew_magliocca
Posted On:   Sunday, December 16, 2001 08:19 PM

I'm building a web site with servlets and static html and I'm trying to keep people out who haven't signed in. I'm doing this by using the putValue method to put in "true" to the session if they have a verfified ID. I check on every servlet to make sure that the session has a "true" in it. If not, I redirect it to the Sign_In page. However when I skip ahead to a web page after the Sign_in page and don't sign in, I discover that the session does contain the "true" value (I check using System.err). Once I sign in once, every session on TOMCAT contains the "true" value. Can anyone tell me how I can start a session that does not contain the "true" value if someone hasn't signed in that time? Is there an easier way to keep p   More>>

I'm building a web site with servlets and static html and I'm trying to keep people out who haven't signed in. I'm doing this by using the putValue method to put in "true" to the session if they have a verfified ID. I check on every servlet to make sure that the session has a "true" in it. If not, I redirect it to the Sign_In page. However when I skip ahead to a web page after the Sign_in page and don't sign in, I discover that the session does contain the "true" value (I check using System.err). Once I sign in once, every session on TOMCAT contains the "true" value. Can anyone tell me how I can start a session that does not contain the "true" value if someone hasn't signed in that time? Is there an easier way to keep people out?

   <<Less
About | Sitemap | Contact