Hi there,
I'm currently on an application that has an administrative module. I'm experiencing problems in clearing the sessions so as to log a user out and also to login as an admin and as a user of the application. I'm using a Java Bean for this purpose.
This is the code to check to see if there is a login session as an administrator or as a user. If there is no login session, the page will display noAuthority.jsp; else it will show the page contents.
<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>
<jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>
<jsp:setProperty name = "userid" property = "*"/>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>
<%
boolean userAdmin = userid.checkUser();
if (userAdmin == false)
{%> <jsp:forward page = "noAuthority.jsp" /> <%}
else
{%>
<%
String loginName = userid.getUserName();
String loginPass = userid.getUserPass();
%>
Username: <% out.println(loginName); %> <br>
Password: <% out.println(loginPass); %> <br>
<h5> Hello, <%= userid.getUserName() %> You are Authorized! </h5> <br>
<b>Session ID: </b><%= session.getId() %><br>
<a href = "LogOut.jsp">logout test</a>
<%}%>
</body>
</html>
This is the Login_action page to process the login session with validation for username and password. The admin username is hardcoded and usernames are stored in a MySQL database.
<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>
<!-- Validation Page for Login-->
<!-- Open connection and execute query -->
<%
Class.forName("org.gjt.mm.mysql.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "");
Statement statement = connection.createStatement();
%>
<% ResultSet rs = statement.executeQuery("Select * from users"); %>
<%
boolean userValidate, passValidate;
userValidate = false;
passValidate = false;
String name = " ";
if (rs != null)
{while (rs.next())
{name = rs.getString("Username");
if (name.equals(request.getParameter("usernm")))
{userid.setUserName(name);
userValidate = true;
session.setAttribute("Pass-name", name);
session.setMaxInactiveInterval(60);
String pass = rs.getString("password");
if (pass.equals(request.getParameter("pass")))
{userid.setUserPass(pass);
passValidate = true;}}}}
if (userValidate==true && passValidate == true)
{response.sendRedirect(response.encodeRedirectURL("success.jsp"));
}
else if (userValidate==true && passValidate == false)
{out.println("Password Error! Pls Try Again.");
%> <a href = "login.jsp"> BACK </a> <%}
else
{out.println("User Name Error! Pls Try Again.");}
%>
This is the logout page code. Basically clears the session created during the login.
<body>
<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>
<%session.invalidate();%>
<h4> You were being Logged out </h4> <br>
<a href = "login.jsp"> Login </a><br>
<b>Session ID: </b><%= session.getId() %>
</body>
Currently, the problem that I'm facing is that when I log out of the application, I'm still able to access a page by typing the URL of the page into the browser twice. For example,
http://localhost:8080/newtemplate/create_user.jsp
Also, sometimes, there is an error page that shows the message: forward statement cannot proceed because a response has been committed.
Any help on this is greatly appreciated.
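An added example, not part of the original post: the pages above keep the login state in a bean declared with scope = "application", which is stored in the ServletContext and shared by every visitor, so session.invalidate() does not clear it, and a sendRedirect without a following return lets the page run on to the forward. One way to gate pages on per-session state instead, written as a servlet filter; the class name AuthFilter, the attribute name authUser and the file name Login_action.jsp are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical names): authorisation is decided from per-session
// state only, so invalidating the session really logs the user out.
public class AuthFilter implements Filter {
    // Set by the login handler only after user name AND password matched (assumed name).
    static final String AUTH_USER = "authUser";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Keep the browser from re-displaying a cached copy of a protected page.
        res.setHeader("Cache-Control", "no-store");

        // getSession(false): checking for a login must never create a session.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(AUTH_USER) != null;

        // Pages reachable without a login (Login_action.jsp is an assumed file name).
        String path = req.getServletPath();
        boolean publicPage = path.equals("/login.jsp") || path.equals("/Login_action.jsp");

        if (!loggedIn && !publicPage) {
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + "/login.jsp"));
            return; // the response is committed; nothing may forward or write after this
        }
        chain.doFilter(rq, rs);
    }

    // Logout helper, callable from LogOut.jsp: drop the session, then redirect and stop.
    static void logout(HttpServletRequest req, HttpServletResponse res) throws IOException {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate(); // removes authUser along with every other attribute
        }
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + "/login.jsp"));
    }
}
```

Map the filter to /* in web.xml, and have the login handler call session.setAttribute("authUser", name) only once both checks pass.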