I developed a web application with user authentication.
However i can see that when i am behind a proxy , the secure webpages can be seen from another computer (without authenticating) which is also using the same proxy.
This is not happening for pcs which do not use the same proxy.
This lead me to the conclusion that i have developed poorly the authentication, or i must be doing more things to ensure the privacy of my webpages.
The authenticating is done with a user object being stored inside the server session and every resource is calling, for example hello.jsp , the user object is called and privilages are checked. If the user doesnt have such privilage then the user is redirected to an error page.
Could you please advice.
Many thanks
However i can see that when i am behind a proxy , the secure webpages can be seen from another computer (without authenticating) which is also using the same proxy.
This is not happening for pcs which do not use the same proxy.
This lead me to the conclusion that i have developed poorly the authentication, or i must be doing more things to ensure the privacy of my webpages.
The authenticating is done with a user object being stored inside the server session and every resource is calling, for example hello.jsp , the user object is called and privilages are checked. If the user doesnt have such privilage then the user is redirected to an error page.
Could you please advice.
Many thanks
