login/-out on JSP

Discussion in 'Java' started by Matthias Kranz, Nov 28, 2003.

  1. Hi,
    I have to write an web-app, where a user can enter some information in a
    form on a JSP. The information is saved in a XML-file. Every user got his
    own file. Every user has to login and logout if he wants to view or edit his
    data
    For example, a user enters my web-app, can create an new project. There he
    has to enter a filename (i.e. "example.xml"), his name and a password. Then
    an "example.xml"-file is created where the users name and password is saved.
    To add information to the xml-file, he has to login.
    I read that it is possible to implement to login/logout with the session-id
    every user gets. Unfortunatly I dont't have any idea how to to it this way.
    Can someone please give me a hint?

    Thanks in advance!!

    Greets, Matze
    Matthias Kranz, Nov 28, 2003
    #1
    1. Advertising

  2. Matthias Kranz

    Jose Rubio Guest

    You need to create another form where the user enters de id/password and if
    successful you can redirect them to the input page.

    The session-id won't help you to login or logout someone, but it will
    prevent unauthroized access if someone goes to the input page directly. So
    your input page will check if a session exist, if it doesn't it will send
    the user back to the login form.

    Hope it helps.
    --
    Jose Rubio
    Lead Consultant
    Airphoria
    http://www.airphoria.com

    "Matthias Kranz" <> wrote in message
    news:bq8c0d$hlj$...
    > Hi,
    > I have to write an web-app, where a user can enter some information in a
    > form on a JSP. The information is saved in a XML-file. Every user got his
    > own file. Every user has to login and logout if he wants to view or edit

    his
    > data
    > For example, a user enters my web-app, can create an new project. There he
    > has to enter a filename (i.e. "example.xml"), his name and a password.

    Then
    > an "example.xml"-file is created where the users name and password is

    saved.
    > To add information to the xml-file, he has to login.
    > I read that it is possible to implement to login/logout with the

    session-id
    > every user gets. Unfortunatly I dont't have any idea how to to it this

    way.
    > Can someone please give me a hint?
    >
    > Thanks in advance!!
    >
    > Greets, Matze
    >
    >
    Jose Rubio, Nov 28, 2003
    #2
    1. Advertising

  3. > So
    > your input page will check if a session exist, if it doesn't it will send
    > the user back to the login form.


    But how do I implement this? I don't have any idea!
    Matthias Kranz, Nov 29, 2003
    #3
  4. Matthias Kranz

    Jose Rubio Guest

    This creates a new session if one doesn't exist, so this would go in the
    login page after a successful login:

    HttpSession session = request.getSession();
    Then on the other pages you'll check the session like this:

    HttpSession session = request.getSession(false);

    if ( session != null && !session.isNew() )

    {

    //Do what evere here

    }

    else

    {

    response.sendRedirect( "LoginPage" );

    }


    --
    Jose Rubio
    Lead Consultant
    Airphoria
    http://www.airphoria.com

    "Matthias Kranz" <> wrote in message
    news:bq9val$151$...
    > > So
    > > your input page will check if a session exist, if it doesn't it will

    send
    > > the user back to the login form.

    >
    > But how do I implement this? I don't have any idea!
    >
    >
    Jose Rubio, Nov 29, 2003
    #4
  5. Thanks!!!

    "Jose Rubio" <> schrieb im Newsbeitrag
    news:%t3yb.7587$...
    > This creates a new session if one doesn't exist, so this would go in the
    > login page after a successful login:
    >
    > HttpSession session = request.getSession();
    > Then on the other pages you'll check the session like this:
    >
    > HttpSession session = request.getSession(false);
    >
    > if ( session != null && !session.isNew() )
    >
    > {
    >
    > //Do what evere here
    >
    > }
    >
    > else
    >
    > {
    >
    > response.sendRedirect( "LoginPage" );
    >
    > }
    >
    >
    > --
    > Jose Rubio
    > Lead Consultant
    > Airphoria
    > http://www.airphoria.com
    >
    > "Matthias Kranz" <> wrote in message
    > news:bq9val$151$...
    > > > So
    > > > your input page will check if a session exist, if it doesn't it will

    > send
    > > > the user back to the login form.

    > >
    > > But how do I implement this? I don't have any idea!
    > >
    > >

    >
    >
    Matthias Kranz, Nov 29, 2003
    #5
  6. "Matthias Kranz" <> wrote in message news:<bq9val$151$>...
    > > So
    > > your input page will check if a session exist, if it doesn't it will send
    > > the user back to the login form.

    >
    > But how do I implement this? I don't have any idea!


    all pages (except login.jsp):
    <%
    if (!"true".equals(session.getAttribute("logged_in"))) {
    response.sendRedirect("login.jsp");
    return;
    %>

    ---------
    login.jsp:
    <% if ("logon".equals(request.getParameter("action"))) {
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // do the lookup
    if (/* valid user */) {
    session.setAttribute("logged_in", "true");
    session.setAttribute("username", username);
    response.sendRedirect(" /* where the user goes after they login */");
    return;
    } else {
    // "wrong password
    }
    %>
    // the form the user's logging in with, including:
    <input type="hidden" name="action" value="logon"/>
    Michael Scovetta, Nov 30, 2003
    #6
  7. Matthias Kranz

    GaryM Guest

    (Michael Scovetta) wrote in
    news::

    > "Matthias Kranz" <> wrote in message
    > news:<bq9val$151$>...


    > ---------
    > login.jsp:
    > <% if ("logon".equals(request.getParameter("action"))) {
    > String username = request.getParameter("username");
    > String password = request.getParameter("password");
    > // do the lookup
    > if (/* valid user */) {
    > session.setAttribute("logged_in", "true");
    > session.setAttribute("username", username);
    > response.sendRedirect(" /* where the user goes after they
    > login */"); return;
    > } else {
    > // "wrong password
    > }


    } // Don't forget missing brace

    > %>
    > // the form the user's logging in with, including:
    > <input type="hidden" name="action" value="logon"/>
    >
    GaryM, Nov 30, 2003
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. William F. Robertson, Jr.
    Replies:
    0
    Views:
    429
    William F. Robertson, Jr.
    Jul 2, 2003
  2. Hermit Dave

    Forms Login Page Not Login Out

    Hermit Dave, Jan 12, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    454
    Hermit Dave
    Jan 13, 2004
  3. Nans
    Replies:
    2
    Views:
    20,070
    Martin Marinov
    Jun 17, 2004
  4. =?Utf-8?B?Z2FyaWJhbGRp?=
    Replies:
    2
    Views:
    4,902
    =?Utf-8?B?Z2FyaWJhbGRp?=
    Feb 25, 2005
  5. Replies:
    0
    Views:
    4,325
Loading...

Share This Page