Session management is a crucial technique for checking whether the user of the service is an authenticated user. The login process alone is not enough to manage authentication. The system must check every request from the authenticated user, and must keep doing so until the user logs out.
This means the system should maintain the session on every page requested by the user. Bank websites are an example of very strict user authentication.
In general, session management should check:
- Whether the user can press the back button after logout and view the pages that were shown before logout, even though he/she has logged out.
- Whether the user can view pages after logging out by typing the URL directly into the browser's address bar.
- Whether the user can view pages from the browser history.
- Whether the user has pressed the browser's back button instead of the back button provided by the application, even while he/she is logged in (often checked in banking applications).
These are some aspects of session management to consider when developing any application. The list may grow.
Now let's look at how to manage a session using JSP/Servlet.
Create the login page.
Login.jsp
<form id="form1" method="post" action="loginvalidate.jsp">
<table width="835" height="217" border="1" align="center" bordercolor="" bgcolor="#C0EFDE">
<tr>
<td width="116" height="40"> </td>
<td colspan="2"><div align="center">
<h4>Login</h4>
</div></td>
<td width="219"> </td>
</tr>
<tr height="10">
<td height="56"> </td>
<td width="200"><label>
<div align="center">Username</div>
</label></td>
<td width="272"><label>
<input name="username" type="text" size="35" style="height:30px;" placeholder="Enter Your Username" required />
</label></td>
<td> </td>
</tr>
<tr height="10">
<td height="61"> </td>
<td><label>
<div align="center">Password</div>
</label></td>
<td><label>
<input name="password" type="password" size="35" style="height:30px;" placeholder="Enter Your Password" required />
</label></td>
<td> </td>
</tr>
<tr height="10">
<td height="10"> </td>
<td><label>
<div align="center">
<label> </label>
</div>
</label></td>
<td><label>
<input type="reset" name="Reset" value="Reset" />
<input type="submit" name="Submit2" value="Submit" />
</label></td>
<td> </td>
</tr>
<tr height="10">
<td height="10"> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
</form>
The loginvalidate page checks the user against the database and redirects to the proper location.
loginvalidate.jsp
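<%@ page import="java.sql.*" %>
<%
    // request, response, session, application and out are JSP implicit objects.
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    Connection conn = null;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    // Default destination; replaced only after a successful login.
    String target = "../IT_JSF/login-failed.jsp";
    try
    {
        Class.forName("com.mysql.jdbc.Driver");
        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/database","username","password");
        // Bind the form values as parameters instead of concatenating them into the SQL text.
        // The users table here holds the password as-is; a production table should hold a salted hash.
        String sql = "select username, password, type from users where username=? and password=?";
        stmt = conn.prepareStatement(sql);
        stmt.setString(1, username);
        stmt.setString(2, password);
        rs = stmt.executeQuery();
        if (rs.next())
        {
            String user = rs.getString(1);
            String pass = rs.getString(2);
            String type = rs.getString(3);
            // Exact, case-sensitive comparison on top of the database match.
            if (user.equals(username) && pass.equals(password))
            {
                // Discard the pre-login session so the authenticated user gets a new session id.
                session.invalidate();
                HttpSession newSession = request.getSession(true);
                newSession.setAttribute("user", user);
                newSession.setAttribute("type", type);
                if ("admin".equals(type))
                    target = "../IT_JSF/admin/adminpanel.jsp";
                else if ("normal".equals(type))
                    target = "../IT_JSF/standerd/officehome.jsp";
            }
        }
    }
    catch (Exception e)
    {
        // Log on the server instead of printing exception details to the user.
        application.log("Login validation failed", e);
    }
    finally
    {
        // Release database resources on every path, including errors.
        try { if (rs != null) rs.close(); } catch (SQLException ignore) { }
        try { if (stmt != null) stmt.close(); } catch (SQLException ignore) { }
        try { if (conn != null) conn.close(); } catch (SQLException ignore) { }
    }
    response.sendRedirect(target);
%>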
Now, after the user has logged in successfully, check on every page whether the user is logged in by using this code:
if(session.getAttribute("user")!=null)
{
//allow to view the page
//your full page code
}
else
{
//redirect to login page
}
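The per-page check above can also be enforced in one place, and the back-button and browser-history cases from the checklist depend on the browser not keeping copies of protected pages. The servlet filter below is an added example, not code from the original post. The class name `SessionCheckFilter`, the URL patterns `/admin/*` and `/standerd/*`, and the `/Login.jsp` location are assumptions about how the application is laid out.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: one session check for every protected page.
// Assumed layout: protected pages under /admin/ and /standerd/, login page at /Login.jsp.
@WebFilter(urlPatterns = {"/admin/*", "/standerd/*"})
public class SessionCheckFilter implements Filter {

    @Override public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Tell the browser not to store protected pages, so Back or history
        // after logout triggers a new request that this filter can reject.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // getSession(false) never creates a session for an unauthenticated visitor.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            response.sendRedirect(request.getContextPath() + "/Login.jsp");
            return;
        }

        // The login page stores "type" in the session; admin pages require "admin".
        String type = (String) session.getAttribute("type");
        if (request.getServletPath().startsWith("/admin/") && !"admin".equals(type)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```

The filter only rejects requests after logout if the logout page actually ends the session by calling `session.invalidate()` before redirecting to the login page.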
Done !!!