Session Login And Logout

Hi there,

I’m currently on an application that has an administrative module. I’m experiencing problems in clearing the sessions so as to log a user out and also to login as an admin and as a user of the application. I’m using a Java Bean for this purpose.


This is the code to check to see if there is a login session as an administrator or as a user. If there is no login session, the page will display a noAuthority.jsp ….. else it will show the page contents.

<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>

<jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>
<jsp:setProperty name = "userid" property = "*"/>

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%
boolean userAdmin = userid.checkUser();
if (userAdmin == false)
{%> <jsp:forward page = "noAuthority.jsp" /> <%}
else
{%>
<%
String loginName = userid.getUserName();
String loginPass = userid.getUserPass();
%>

Username: <% out.println(loginName); %> <br>
Password: <% out.println(loginPass); %> <br>
<h5> Hello, <%= userid.getUserName() %> You are Authorized! </h5> <br>
<b>Session ID: </b><%= session.getId() %><br>
<a href = "LogOut.jsp">logout test</a>

<%}%>

</body>
</html>


This is the Login_action page to process the login session with validation for username and password. The admin username is hardcoded and usernames are stored in a MySQL database.


<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<!-- Validation Page for Login-->
<!-- Open connection and execute query -->
<%
Class.forName("org.gjt.mm.mysql.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "");
Statement statement = connection.createStatement();
%>

<% ResultSet rs = statement.executeQuery("Select * from users"); %>
<%
boolean userValidate, passValidate;
userValidate = false;
passValidate = false;
String name = " ";

if (rs != null)
      {while (rs.next())
            {name = rs.getString("Username");
                        if (name.equals(request.getParameter("usernm")))
                              {userid.setUserName(name);
                              userValidate = true;
                              session.setAttribute("Pass-name", name);
                              session.setMaxInactiveInterval(60);
                               String pass = rs.getString("password");
                                    if (pass.equals(request.getParameter("pass")))
                                          {userid.setUserPass(pass);
                                          passValidate = true;}}}}

if (userValidate==true && passValidate == true)
      {response.sendRedirect(response.encodeRedirectURL("success.jsp"));}
            
else if (userValidate==true && passValidate == false)
{out.println("Password Error! Pls Try Again.");
%> <a href = "login.jsp"> BACK </a> <%}

else
{out.println("User Name Error! Pls Try Again.");}

%>




This is the logout page code. Basically clears the session created during the login.

<body>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%session.invalidate();%>
<h4> You were being Logged out </h4> <br>
<a href = "login.jsp"> Login </a><br>
<b>Session ID: </b><%= session.getId() %>
</body>


Currently, the problem that I’m facing is that when I logout of the application, I’m still able to access a page by typing the URL of the page into the browser twice. For example,
http://localhost:8080/newtemplate/create_user.jsp

Also, sometimes, there is an error page that shows the message; forward statement cannot proceed because a response has been committed.

Any help on this is greatly appreciated.
keneticintroubleAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

keneticintroubleAuthor Commented:
Additional Queries:

I'm using the Tomcat Web Server to host the JSP so is there such a thing as a tomcat cache that stores sessions?? If so, how can i clear that because i think my codes recognise that as a session instead of the admin module's session.

Thanks again
Mick BarryJava DeveloperCommented:
> <%if (session.isNew()==true)

You need to do more than that, that only checks if session has just been created. So the 2nd time the page is loaded it will return false.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mick BarryJava DeveloperCommented:
You need to check userid to see if it contains an authenticated user.
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

Mick BarryJava DeveloperCommented:
> <jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>

That should also have session scope, and not application.
kokchoon78Commented:
>>Also, sometimes, there is an error page that shows the message; forward statement cannot proceed because a response has been committed.

That is because the response has been committed after you try to redirect to another page :

Try to move your sendRedirect method before any html tags.

for example :

<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>

<jsp:useBean class = "Beans.User" id = "userid" scope = "application"></jsp:useBean>
<jsp:setProperty name = "userid" property = "*"/>

<%if (session.isNew()==true)
response.sendRedirect(response.encodeRedirectURL("login.jsp"));%>

<%
boolean userAdmin = userid.checkUser();
if (userAdmin == false)
{%> <jsp:forward page = "noAuthority.jsp" /> <%}
else
{%>

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
...

objects is correct, try to use the following to check the session :

if (session.getAttribute("Pass-name") != null )



keneticintroubleAuthor Commented:
Dear Participants,

All your help has reaped success!!! I've managed to solve the problem.

With regards to objects, i can't use the scope="session" but the scope="application" tag. The former will constantly "lock" me out of the application, even if i'm logged on as the administrator.

The code that i've amended is listed below:

<% boolean userAdmin = userid.checkuser();
%>

<% if (session.isNew() == true || userAdmin == false || session.getAttribute("Pass-name") == null)
{
response.sendRedirect(response.encodeRedirectURL("login.jsp"));
}

else {

displayed contents here......


}
%>

Mick BarryJava DeveloperCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.