-1

Session Management: I am doing a project on electronic health record system. When i log in and traverse to any new page , in that condition when i copy the url and sign out and paste the url , the page reloads on the browser. I want it to redirect to my login page? This is happening with all my pages. Like all search, update , home pages. Can any one suggest a way out of this?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Nishant Gaurav
  • 1
  • Like piechuckerr said use filter to handle the session. you may take a look at this tutorial to better understand Fiter http://www.journaldev.com/1933/java-servlet-filter-example-tutorial – JHDev Jul 02 '16 at 08:12

2 Answers2

0

You need to add authentication to the entire site. In ASP.NET MVC, for example, you'd add the [Authorize] attribute to all controllers. When you've logged out and attempt to navigate to one of the pages with authentication required, the user would be redirected to the login page.

Not knowing what framework you're building against, though, I can't be any more helpful.

daf
  • 1,289
  • 11
  • 16
  • your answer doesn't solve his issue, I think he need(and wants) something to intercept each request and check the session. – Govinda Sakhare Jul 02 '16 at 08:10
  • I disagree -- it seems as if he has a site with a login screen but no actual authentication on the rest of the site. Your answer below is similar to injecting the AuthorizeAttribute into the ASP.NET pipeline; it's just a lot more complicated for most people to understand. – daf Jul 02 '16 at 08:38
0

I suggest you use Filter to handle the session instead of writing session checks for each and every controller method.
do something like this.

public class SessionFilter implements Filter {

   public void destroy() {
   }

   public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException 
   {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    HttpSession session = request.getSession(false);
    if (null == session) {
        response.sendRedirect("index.jsp");
    }
    Boolean isLoggedIn = session.getAttribute("isLoggedIn"); // replace with your variable
    if(!isLoggedIn)
        response.sendRedirect("index.jsp");


    chain.doFilter(req, res);
   }
}

The code above may need some modification, so do it according to your requirements. Also clear the cache to handle the back button case.

Govinda Sakhare
  • 5,009
  • 6
  • 33
  • 74