
servlets thread: getParameter method problems ??


Message #1 by "Shashank Arora" <niceguyleo@i...> on Wed, 11 Sep 2002 10:48:31
Hey :)

thanks 4 ur tip...but i did use it before but i had to drop the idea 
since i have to allow multiple login sessions. so u see i really can't set 
a boolean code when logging in and reset it when logging out. 

so is there anything else that can help. do write. i'll be really glad.

thanks
Shashank :)

> Hi, maybe you can use session to control your page.
> eg when your user logging you assign a value to a session variable let say a
> boolean variable indicate true or what ever.. and in other page what your
> need to do is check this session if it is true continue else redirect the
> user to login page.. and you need to set the session variable to false when
> user logout.
> hope that help
>
> regards
> yuji


>From: "Shashank Arora" <niceguyleo@i...>
>Reply-To: "Servlets" <servlets@p...>
>To: "Servlets" <servlets@p...>
>Subject: [servlets] RE: getParameter method problems ??
>Date: Fri, 13 Sep 2002 10:35:44
>
>Hey :)
>
>thanks greg and thanks gaurav ... thanks 4 ur tips. i did incorporate it
>onto my code but as gaurav said the only advantage i am gettin is that on
>clicking the back button the page isn't there from the cache, but still if
>i refresh it the new page is loaded with the same parameters that were
>passed from the form before. so the problem is that i've got to
>differentiate b/w the 2 methods. i.e. whether the parameter values are from
>the normal form submission or by refreshing.
>i hope i m clear with the exact problem..
>and gaurav u've told me a way to do that..but i really am at earth to
>understand it..and if u can help me more eg it i'll be so much grateful.
>
>Thanks..
>Shashank :)
>
>
>
> >
>u said :
>"on refreshing the page the user is able to
>generate a new valid session using the same values i.e. user and password.
>"
>So Greg,
>i think he should be using another way to tackle this..
>as removing the cache would again create a valid session for the user as
>he doesn't check state of the page ...
>it would be better if u can take control of the user's IP address
>{machine...}
>by this way this problem won't come...
>otherwise a combination of Javascripts with JSP u need to can try this out...
>by passing the data as hidden field with a mode & once refresh is done
>then thru javascript control that hidden field to indicate it was not from
>the normal form {some boolean value} submit button...
>by this way still u can control it...
>  yup this being too tiresome to implement ...
>Hope this might work out for u...
>Regards
>Gautam Khanna
>gautamkhanna27@y...
>  Greg Dunn wrote:
>
>You can prevent this by preventing the page from being loaded from cache.
>Assuming the login page is a JSP or servlet use this code to prevent
>caching:
>
>response.setHeader("Cache-Control","no-cache");
>response.setHeader("Pragma","no-cache");
>response.setDateHeader ("Expires", 0);
>
>Greg
>
>
>
>-----Original Message-----
>From: Shashank Arora [mailto:niceguyleo@i...]
>Sent: Wednesday, September 11, 2002 10:49 AM
>To: Servlets
>Subject: [servlets] getParameter method problems ??
>
>
>Hi :)
>
>i m using a login form wherein the user submits the username and the
>password and these parameters are then passed to a servlet where the
>getParameter method accesses these values which are then checked with the
>database to validate the user and start the session if validated.
>The problem that i am having is in spite of invalidating the session when
>the user logs out, if the user after logging out clicks the back button and
>comes back to the inbox then on refreshing the page the user is able to
>generate a new valid session using the same values i.e. user and password.
>i mean only by pressing F5 anybody can get into the login after clicking
>the back button. This is really a loophole and is takin a toll on the
>security of the login feature.
>so if somebody has a solution to this, i mean any way to check whether the
>data is from the login form or by refreshin the expired page. Then do let
>me know. This wud really be a gr8 help to me.
>
>Thanks
>Shashank :)
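
The question running through this thread, how to tell a fresh form submission from a POST replayed by refresh while still allowing multiple login sessions, is commonly handled with a single-use form token plus a redirect after login. The servlet below is an added example, not code from any poster in the thread; the `login` and `inbox` paths, the `loginToken` and `user` names and `checkCredentials()` are assumptions.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.*;

// Hypothetical servlet mapped to "login"; checkCredentials() stands in for the database lookup.
public class LoginServlet extends HttpServlet {
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Each rendering of the form gets a fresh single-use token, kept server-side.
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        req.getSession(true).setAttribute("loginToken", token);
        resp.setHeader("Cache-Control", "no-store");
        resp.setContentType("text/html");
        resp.getWriter().println("<form method='post' action='login'>"
          + "<input type='hidden' name='loginToken' value='" + token + "'>"
          + "User <input name='user'> Password <input type='password' name='password'>"
          + "<input type='submit' value='Log in'></form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute("loginToken");
        if (session != null) session.removeAttribute("loginToken"); // consume: valid once only
        String sent = req.getParameter("loginToken");
        // A POST replayed by F5 after logout has no session, or a token that was already used.
        if (expected == null || sent == null
                || !MessageDigest.isEqual(expected.getBytes(), sent.getBytes())
                || !checkCredentials(req.getParameter("user"), req.getParameter("password"))) {
            resp.sendRedirect("login"); // show a fresh form, never authenticate
            return;
        }
        req.changeSessionId(); // Servlet 3.1+: new session id once the user is authenticated
        session.setAttribute("user", req.getParameter("user"));
        // Post/Redirect/Get: the inbox is reached by GET, so refreshing it resends no password.
        resp.sendRedirect("inbox");
    }

    private boolean checkCredentials(String user, String password) {
        return false; // placeholder: replace with the real database check
    }
}
```

Because the token is tied to one rendering of the form rather than to the user, the same account can still hold several sessions at once.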