login/-out on JSP

[Matthias Kranz]

Hi,
I have to write an web-app, where a user can enter some information in a
form on a JSP. The information is saved in a XML-file. Every user got his
own file. Every user has to login and logout if he wants to view or edit his
data
For example, a user enters my web-app, can create an new project. There he
has to enter a filename (i.e. "example.xml"), his name and a password. Then
an "example.xml"-file is created where the users name and password is saved.
To add information to the xml-file, he has to login.
I read that it is possible to implement to login/logout with the session-id
every user gets. Unfortunatly I dont't have any idea how to to it this way.
Can someone please give me a hint?

Thanks in advance!!

Greets, Matze

 

[Jose Rubio]

You need to create another form where the user enters de id/password and if
successful you can redirect them to the input page.

The session-id won't help you to login or logout someone, but it will
prevent unauthroized access if someone goes to the input page directly. So
your input page will check if a session exist, if it doesn't it will send
the user back to the login form.

Hope it helps.

 

[Matthias Kranz]

So

your input page will check if a session exist, if it doesn't it will send
the user back to the login form.

But how do I implement this? I don't have any idea!

 

[Jose Rubio]

This creates a new session if one doesn't exist, so this would go in the
login page after a successful login:

HttpSession session = request.getSession();
Then on the other pages you'll check the session like this:

HttpSession session = request.getSession(false);

if ( session != null && !session.isNew() )

{

//Do what evere here

}

else

{

response.sendRedirect( "LoginPage" );

}

 

[Matthias Kranz]

Thanks!!!

This creates a new session if one doesn't exist, so this would go in the
login page after a successful login:

HttpSession session = request.getSession();
Then on the other pages you'll check the session like this:

HttpSession session = request.getSession(false);

if ( session != null && !session.isNew() )

{

//Do what evere here

}

else

{

response.sendRedirect( "LoginPage" );

}


--
Jose Rubio
Lead Consultant
Airphoria
http://www.airphoria.com

 

[Michael Scovetta]

But how do I implement this? I don't have any idea!

all pages (except login.jsp):
<%
if (!"true".equals(session.getAttribute("logged_in"))) {
response.sendRedirect("login.jsp");
return;
%>

---------
login.jsp:
<% if ("logon".equals(request.getParameter("action"))) {
String username = request.getParameter("username");
String password = request.getParameter("password");
// do the lookup
if (/* valid user */) {
session.setAttribute("logged_in", "true");
session.setAttribute("username", username);
response.sendRedirect(" /* where the user goes after they login */");
return;
} else {
// "wrong password
}
%>
// the form the user's logging in with, including:
<input type="hidden" name="action" value="logon"/>

 

[GaryM]

(e-mail address removed) (Michael Scovetta) wrote in

news:<[email protected]>...

---------
login.jsp:
<% if ("logon".equals(request.getParameter("action"))) {
String username = request.getParameter("username");
String password = request.getParameter("password");
// do the lookup
if (/* valid user */) {
session.setAttribute("logged_in", "true");
session.setAttribute("username", username);
response.sendRedirect(" /* where the user goes after they
login */"); return;
} else {
// "wrong password
}

} // Don't forget missing brace