Solved

Session Login And Logout

Posted on 2003-11-30
7
166,699 Views
Last Modified: 2011-08-18
Hi there,

I’m currently on an application that has an administrative module. I’m experiencing problems in clearing the sessions so as to log a user out and also to login as an admin and as a user of the application. I’m using a Java Bean for this purpose.


This is the code to check to see if there is a login session as an administrator or as a user. If there is no login session, the page will display a noAuthority.jsp ….. else it will show the page contents.

<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>

<jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>
<jsp:setProperty name = "userid" property = "*"/>

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%
boolean userAdmin = userid.checkUser();
if (userAdmin == false)
{%> <jsp:forward page = "noAuthority.jsp" /> <%}
else
{%>
<%
String loginName = userid.getUserName();
String loginPass = userid.getUserPass();
%>

Username: <% out.println(loginName); %> <br>
Password: <% out.println(loginPass); %> <br>
<h5> Hello, <%= userid.getUserName() %> You are Authorized! </h5> <br>
<b>Session ID: </b><%= session.getId() %><br>
<a href = "LogOut.jsp">logout test</a>

<%}%>

</body>
</html>


This is the Login_action page to process the login session with validation for username and password. The admin username is hardcoded and usernames are stored in a MySQL database.


<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<!-- Validation Page for Login-->
<!-- Open connection and execute query -->
<%
Class.forName("org.gjt.mm.mysql.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "");
Statement statement = connection.createStatement();
%>

<% ResultSet rs = statement.executeQuery("Select * from users"); %>
<%
boolean userValidate, passValidate;
userValidate = false;
passValidate = false;
String name = " ";

if (rs != null)
      {while (rs.next())
            {name = rs.getString("Username");
                        if (name.equals(request.getParameter("usernm")))
                              {userid.setUserName(name);
                              userValidate = true;
                              session.setAttribute("Pass-name", name);
                              session.setMaxInactiveInterval(60);
                               String pass = rs.getString("password");
                                    if (pass.equals(request.getParameter("pass")))
                                          {userid.setUserPass(pass);
                                          passValidate = true;}}}}

if (userValidate==true && passValidate == true)
      {response.sendRedirect(response.encodeRedirectURL("success.jsp"));}
            
else if (userValidate==true && passValidate == false)
{out.println("Password Error! Pls Try Again.");
%> <a href = "login.jsp"> BACK </a> <%}

else
{out.println("User Name Error! Pls Try Again.");}

%>




This is the logout page code. Basically clears the session created during the login.

<body>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%session.invalidate();%>
<h4> You were being Logged out </h4> <br>
<a href = "login.jsp"> Login </a><br>
<b>Session ID: </b><%= session.getId() %>
</body>


Currently, the problem that I’m facing is that when I logout of the application, I’m still able to access a page by typing the URL of the page into the browser twice. For example,
http://localhost:8080/newtemplate/create_user.jsp

Also, sometimes, there is an error page that shows the message; forward statement cannot proceed because a response has been committed.

Any help on this is greatly appreciated.
0
Comment
Question by:keneticintrouble
  • 4
  • 2
7 Comments
 

Author Comment

by:keneticintrouble
ID: 9847387
Additional Queries:

I'm using the Tomcat Web Server to host the JSP so is there such a thing as a tomcat cache that stores sessions?? If so, how can i clear that because i think my codes recognise that as a session instead of the admin module's session.

Thanks again
0
 
LVL 92

Accepted Solution

by:
objects earned 80 total points
ID: 9847580
> <%if (session.isNew()==true)

You need to do more than that, that only checks if session has just been created. So the 2nd time the page is loaded it will return false.
0
 
LVL 92

Expert Comment

by:objects
ID: 9847589
You need to check userid to see if it contains an authenticated user.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 92

Expert Comment

by:objects
ID: 9847600
> <jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>

That should also have session scope, and not application.
0
 
LVL 4

Assisted Solution

by:kokchoon78
kokchoon78 earned 70 total points
ID: 9854383
>>Also, sometimes, there is an error page that shows the message; forward statement cannot proceed because a response has been committed.

That is because the response has been committed after you try to redirect to another page :

Try to move your sendRedirect method before any html tags.

for example :

<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>

<jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>
<jsp:setProperty name = "userid" property = "*"/>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%
boolean userAdmin = userid.checkUser();
if (userAdmin == false)
{%> <jsp:forward page = "noAuthority.jsp" /> <%}
else
{%>

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
...

objects is correct, try to use the following to check the session :

if (session.getAttribute("Pass-name") != null )



0
 

Author Comment

by:keneticintrouble
ID: 9859627
Dear Participants,

All your help has reaped success!!! I've managed to solve the problem.

With regards to objects, i can't use the scope="session" but the scope="application" tag. The former will constantly "lock" me out of the application, even if i'm logged on as the administrator.

The code that i've amended is listed below:

<% boolean userAdmin = userid.checkuser();
%>

<% if (session.isNew() == true || userAdmin == false || session.getAttribute("Pass-name") == null)
{
response.sendRedirect(response.encodeRedirectURL("login.jsp"));
}

else {

displayed contents here......


}
%>

0
 
LVL 92

Expert Comment

by:objects
ID: 9861401
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
logging jar 1 110
how to exclude a file using regex 5 118
How to Post an If Statement in JSP 3 56
mysql jsp example issue 32 38
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question