vcgDevelopers
asked on
security issue
I have a servlet that has the logged info in the URL. How can I prevent the user's access to the logged in section of the site by simply changing logged=no to logged=yes?
ie
SectikonA?logged=no&SecID= 30
ie
SectikonA?logged=no&SecID=
>Boolean bool = (Boolean) request.getSession().getAt tribute("l oggedIn"); // Get the attribute
Should just be...
Boolean bool = (Boolean) session.getAttribute("logg edIn");
:-)
Should just be...
Boolean bool = (Boolean) session.getAttribute("logg
:-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
E.g.
HttpSession session = request.getSession(); // Get the session from the request
session.setAttribute("logg
Boolean bool = (Boolean) request.getSession().getAt