JSP Login and redirect

Posted on 2005-04-28
Last Modified: 2008-02-01
I am developing a website.
the user should login before going inside any page of the website. however, if the user has type the page url explicitly in the browser, it will redirect to the login page and then if he login successfully it will redirect to that page the user has key in.

my problem is that :
user hasn't login , user enter "cusRefFormFtyServ.jsp?RDocID=C0000015&ReadOnly=true&InfoPage=FtyServ&LastPage=MyRefOut&LastSubPage=MyRefOut" in the browser, then it redirect to "login.jsp", user has successfully login, then it redirect to "cusRefFormFtyServ.jsp". the parameters are lost. Would somebody please tell me how to solve this problem ?
Question by:mikekwok
    LVL 6

    Accepted Solution

    The parameters are lost because you had a new request, and the request parameters from that request are probably userid and password. You can solve your immediate problem by putting the values into a session variable. Think through what you want to be session variables, because the session variables will last until (1) you, the developer, clear them out; or (2) the user closes the browser. If you're not careful about removing them once you are done, you end up using a lot of memory for stuff you don't need.

    You might want to pass your parameters through hidden fields rather than appending them to the URL string. This will keep your URL string manageable and avoid future security problems if a hacker decides to substitute another jsp page for "MyRefOut".

    Good luck,


    Author Comment

    Would you please teach me how to put the parameters into hidden field ? would u please give me an example ?
    LVL 11

    Expert Comment

    >>how to put the parameters into hidden field ? would u please give me an example
    <input type=hidden name="parameterName" value="parameterValue">

    Ru redirecting page.?or forwarding ..if u forward I think ur parameter will not lost,,

    U can also store ur value in session..
    session.setAttribute("Name","value");..for storing
    session.getAttribute("Name")..for retriving..
    session.removeAttribute("Name")  for removing..

    LVL 16

    Expert Comment


    For login, I still recommend you to use session as what karanw suggest. This is the best way I can think of and I apply it into my project too. So you can check whether your session is null or not. If it is NOT null, it means that the user is login successfully and you should not redirect them. However, if it is null then you need to redirect them to login page.

    So when the user log-in successfully, you should store their information into session.
    session.setAttribute("Name","value");..for storing

    if (session.getAttribute("Name") != null)
        // do not redirect
        // redirect to login page


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    These days socially coordinated efforts have turned into a critical requirement for enterprises.
    Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now