jps and Session

[Khanjan]

Hi everyone,

I am developing a CMS(Content Management System). I need to know how i can make sessions in jsp. After creating the Session in a login page the data like username should added in the session.In another page , addArtikel.jsp, i want to contoll if someone is logged on or not, other wise he may not use this page.

How should i do this contoll in addartikel, when i have made this in the login page :
HttpSession s = request.getSession();
s.setAttribute("naam", Username);

 

[sedj]

if (session.getAttribute("naam&quot == null) {
// not logged in
} else {
// already logged in
}

Ideally though this should be done from a database procedure call.

 

[Khanjan]

"Ideally though this should be done from a database procedure call."

What do you mean with database procedure?

"if (session.getAttribute("naam&quot == null) {
// not logged in
} else {
// already logged in
}"

Should i put this code in the login.jsp or in artikel.jsp.

I want to prevent people to access artikel.jsp by typing the URL of it. The user must be logdin, other wise he/she should see the login page.

This is what i want to achive. If you give comment, please give me some code.

Thanx

 

[venur]

Hi,

Copy the above code into artikel.jsp page.

if (session.getAttribute("naam&quot == null) {
// not logged in
response.sendRedirect("login.jsp"
} else {
// already logged in
}

Cheers,
Venu

 

[sedj]

By "database procedure call" I mean that you should really log all login-sessions into a database in order to validate the incoming user, and to verify whether they are logged in for later pages. While session objects should not be lost, my live experience is that it can happen, and so you should not rely on a session object alone to determine whether a user is logged in or not.

One way to reuse code for determing whether a use is logged in or not is to use a taglib to do it. This way, you write the validating code only once, but can call it many times rom many pages.

For each *protected* page in your website you should check whether the user is logged in. Using taglibs enables this to be simply. Check out

http://www.java.sun.com

for the tutorials on JSP and taglibs.

 

[Khanjan]

Thank you for your replyes.

<%
if (session.getAttribute("naam&quot == null || session.getAttribute("passwordAdmin&quot==null)
{
response.sendRedirect("login.jsp"
}
else
{ %>

You are logged in as:
<%= session.getAttribute("naam&quot %>
<% }%>

I am puting the above code in to Artikel.jsp.
When i am typing the URL : Localhost:8080/artikel.jsp.
I can access this page, even i if i havent logged in.
When i am closing the internet Explorer, and coming back to artikel.jsp, i am alowed to come there, Why?

<%= session.getAttribute("naam&quot %> this action gets the user name that i have put in a session in the login page. I am getting this name, even if i havent logged in, Why..?

 

[Khanjan]

In Login.jsp page after controlling the password and username i am doing this:

HttpSession s = request.getSession(true);
s.setAttribute("naam", strCheckUsername);
s.setAttribute("passwordAdmin", strCheckPassword);
s.setAttribute("loggedin", "true"

And in the Artikel.jps

String loggedin=(String)session.getAttribute("loggedin"

if (loggedin!="true&quot
{
response.sendRedirect("niet.jsp"
}

else
{ %>

You are logged in as:
<%= session.getAttribute("naam&quot %>
<% }%>

this works only once.
When i am logged with a name and try artikel.jsp it works.
But when i am coming back with another username logged in, the artikel.jsp shows the old username, Why?

Please help me,

 

[sedj]

You can not use unary operators to test for equality of String objects :

if (loggedin!="true&quot
{
response.sendRedirect("niet.jsp"
}


This should be :

  if (loggedin == null || !loggedin.equals("true")) {
    response.sendRedirect("niet.jsp");
  }
}