Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Why isn't my JSP session working on some computers?

Posted on 2003-11-07
5
Medium Priority
?
540 Views
Last Modified: 2010-04-01
I've set up a members-only area on a website, and it seems 95% of my members use it just fine.  There are a few, however, who e-mail me to complain that they can login to the main member page, but cannot browse to any subsequent pages.  This sounds to me like exactly the problem somebody would have if they have cookies disabled, but they swear they have cookies enabled.  It seems the majority of these users are using Mac OS 9, but not all of them.  Could you take a look at my code and let me know if there's anything I'm doing wrong that might create this problem?  Here are the relevant bits of code I'm using:

ON THE LOGIN PAGE:

<%
// *** Validate request to log in to this site.
String MM_LoginAction = request.getRequestURI();
if (request.getQueryString() != null && request.getQueryString().length() > 0) MM_LoginAction += "?" + request.getQueryString();
String MM_valUsername=request.getParameter("username");
if (MM_valUsername != null) {
  String MM_fldUserAuthorization="";
  String MM_redirectLoginSuccess="tos.jsp";
  String MM_redirectLoginFailed="sorry.jsp";
  String MM_redirectLogin=MM_redirectLoginFailed;
  Driver MM_driverUser = (Driver)Class.forName(MM_tba_DRIVER).newInstance();
  Connection MM_connUser = DriverManager.getConnection(MM_tba_STRING,MM_tba_USERNAME,MM_tba_PASSWORD);
  String MM_pSQL = "SELECT *";
  if (!MM_fldUserAuthorization.equals("")) MM_pSQL += "," + MM_fldUserAuthorization;
  MM_pSQL += " FROM tba_members WHERE username=\'" + MM_valUsername.replace('\'', ' ') + "\' AND password=\'" + request.getParameter("password").toString().replace('\'', ' ') + "\' AND exp_date > Now()";
  PreparedStatement MM_statementUser = MM_connUser.prepareStatement(MM_pSQL);
  ResultSet MM_rsUser = MM_statementUser.executeQuery();
  boolean MM_rsUser_isNotEmpty = MM_rsUser.next();
  if (MM_rsUser_isNotEmpty) {
    // username and password match - this is a valid user
    session.putValue("MM_Member_Username", MM_valUsername);
      session.putValue("membID", MM_rsUser.getObject("membID"));
      session.putValue("type", MM_rsUser.getObject("type"));
      session.setMaxInactiveInterval(216000);
    if ((request.getParameter("accessdenied") != null) && false) {
      MM_redirectLoginSuccess = request.getParameter("accessdenied");
    }
    if(Integer.parseInt(MM_rsUser.getObject("tos_flag").toString()) == 1 && Integer.parseInt(MM_rsUser.getObject("passflag").toString()) == 0){ MM_redirectLoginSuccess="tos_passchange.jsp";
    } else {
            if (Integer.parseInt(MM_rsUser.getObject("tos_flag").toString()) == 1 && Integer.parseInt(MM_rsUser.getObject("passflag").toString()) == 1){ MM_redirectLoginSuccess="membermain.jsp";}
      }
            MM_redirectLogin=MM_redirectLoginSuccess;
  }
  MM_rsUser.close();
  MM_connUser.close();
  response.sendRedirect(response.encodeRedirectURL(MM_redirectLogin));
  return;
}
%>

INCLUDED ON ALL MEMBER PAGES:

<%
// *** Restrict Access To Page: Grant or deny access to this page
String MM_authorizedUsers="";
String MM_authFailedURL="sorry.jsp";
boolean MM_grantAccess=false;
if (session.getValue("MM_Member_Username") != null && !session.getValue("MM_Member_Username").equals("")) {
  if (true || (session.getValue("MM_UserAuthorization")=="") ||
          (MM_authorizedUsers.indexOf((String)session.getValue("MM_UserAuthorization")) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  String MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  String MM_referrer = request.getRequestURI();
  if (request.getQueryString() != null) MM_referrer = MM_referrer + "?" + request.getQueryString();
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + java.net.URLEncoder.encode(MM_referrer);
  response.sendRedirect(response.encodeRedirectURL(MM_authFailedURL));
  return;
}
%>

Alternatively, if you have any suggestions from your experience on ways to cope with this problem (I can't be the first!), I'd love to hear them.

Thanks,
Daniel
0
Comment
Question by:deolmstead
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 14

Expert Comment

by:kennethxu
ID: 9703320
you code looks fine to me exception there is something meaningless, like:
if (true || (session.getValue("MM_UserAuthorization")=="") || ....
which will always be true.

you are encoding all URLs so even if the browser doesn't support cookie, server will automatically us url rewrite for session tracking.

Are you using https? IE is known of having problem with https sessions. Can you let us know what exactly the error message user get when they click on the link and the link itself?
0
 

Author Comment

by:deolmstead
ID: 9705412
No, none of the area uses https - it's all just members-only info, no credit cards or personal information.

Users don't get an error message, they simply get redirected to the "sorry.jsp" page, as though their authentication failed.  So they login successfully, make it as far as the "welcome to the members area" page, but any link they click on from there comes up unauthorized.  It's like their session is getting reset somehow, though there's nothing on the welcome page to do that...and it wouldn't explain why it works for MOST of the population, and not these particular people.

That meaningless bit of code is puzzling.  It's the code Dreamweaver generates automatically, so I don't really know what it's supposed to accomplish.

Your help is appreciated.
Thanks,
Daniel
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9705800
I would suggest you to use standard j2ee security model:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html

if you are using tomcat, also check out DBRealm:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2 
0
 
LVL 14

Accepted Solution

by:
kennethxu earned 400 total points
ID: 9705802
also, make sure the link on your welcome page are url encoded.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9787560
did you solved your problem?
please check out this:
http://www.experts-exchange.com/help/qnaFAQ.jsp#3
thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
One of the most important things in an application is the query performance. This article intends to give you good tips to improve the performance of your queries.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question