JSP Login and redirect

I am developing a website.
the user should login before going inside any page of the website. however, if the user has type the page url explicitly in the browser, it will redirect to the login page and then if he login successfully it will redirect to that page the user has key in.

my problem is that :
user hasn't login , user enter "cusRefFormFtyServ.jsp?RDocID=C0000015&ReadOnly=true&InfoPage=FtyServ&LastPage=MyRefOut&LastSubPage=MyRefOut" in the browser, then it redirect to "login.jsp", user has successfully login, then it redirect to "cusRefFormFtyServ.jsp". the parameters are lost. Would somebody please tell me how to solve this problem ?
Who is Participating?
The parameters are lost because you had a new request, and the request parameters from that request are probably userid and password. You can solve your immediate problem by putting the values into a session variable. Think through what you want to be session variables, because the session variables will last until (1) you, the developer, clear them out; or (2) the user closes the browser. If you're not careful about removing them once you are done, you end up using a lot of memory for stuff you don't need.

You might want to pass your parameters through hidden fields rather than appending them to the URL string. This will keep your URL string manageable and avoid future security problems if a hacker decides to substitute another jsp page for "MyRefOut".

Good luck,

mikekwokAuthor Commented:
Would you please teach me how to put the parameters into hidden field ? would u please give me an example ?
>>how to put the parameters into hidden field ? would u please give me an example
<input type=hidden name="parameterName" value="parameterValue">

Ru redirecting page.?or forwarding ..if u forward I think ur parameter will not lost,,

U can also store ur value in session..
session.setAttribute("Name","value");..for storing
session.getAttribute("Name")..for retriving..
session.removeAttribute("Name")  for removing..


For login, I still recommend you to use session as what karanw suggest. This is the best way I can think of and I apply it into my project too. So you can check whether your session is null or not. If it is NOT null, it means that the user is login successfully and you should not redirect them. However, if it is null then you need to redirect them to login page.

So when the user log-in successfully, you should store their information into session.
session.setAttribute("Name","value");..for storing

if (session.getAttribute("Name") != null)
    // do not redirect
    // redirect to login page

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.