
I have designed a JSP login page and a corresponding servlet for server side validation. When I click on the submit button on the login page, if the provided credentials don't match then the response page presents the login page again with an added error message, as it should. When I refresh that page, however, it still shows the error message. On the other hand, if the login credentials match then the welcome page is presented, but then I can't destroy the session. That is, if I click my browser's "back" button then it presents the login page again, but if I then click the "forward" button it presents the welcome page again.

I want the error message on the login page to be suppressed if the user refreshes that page. I also want the user's session to be invalidated if he causes the login page to be presented again via the browser's "back" button, such that (among other things) he cannot then use the "forward" button to return to a page previously presented to him when he was logged in. How can I modify my code to give the application those behaviors?

Here is my code:

index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login Application</title>
</head>
<body>
    <form action="loginServlet" method="post">

            User Login
            <br>

                    User ID
                    <input type="text" name="username" >

                <br><br>
                    Password
                    <input type="password" name="userpass"><br>
                    &nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Login" >



    </form>
</body>
</html>

welcome.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Welcome </title>
</head>
<body>

    <h4>
        Welcome 
        <%=session.getAttribute("name")%></h4>
</body>
</html>

LoginDao.java

package com.test.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginDao {
    public static boolean validate(String name, String pass) {      
        boolean status = false;
        Connection conn = null;
        PreparedStatement pst = null;
        ResultSet rs = null;

        String url = "jdbc:mysql://localhost:3306/";
        String dbName = "test";
        String driver = "com.mysql.jdbc.Driver";
        String userName = "root";
        String password = "12345";
        try {
            Class.forName(driver).newInstance();
            conn = DriverManager
                    .getConnection(url + dbName, userName, password);

            pst = conn
                    .prepareStatement("select * from user where email=? and password=?");
            pst.setString(1, name);
            pst.setString(2, pass);

            rs = pst.executeQuery();
            status = rs.next();

        } catch (Exception e) {
            System.out.println(e);
        } finally {
            // Close in reverse order of creation: result set, statement, connection.
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (pst != null) {
                try {
                    pst.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
        return status;
    }
}

LoginServlet.java

package com.test.servlets;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.test.dao.LoginDao;

public class LoginServlet extends HttpServlet{

    private static final long serialVersionUID = 1L;

    public void doPost(HttpServletRequest request, HttpServletResponse response)  
            throws ServletException, IOException {  

        response.setContentType("text/html");  
        PrintWriter out = response.getWriter();  

        String n=request.getParameter("username");  
        String p=request.getParameter("userpass"); 

        HttpSession session = request.getSession(false);
        if(session!=null)
            session.setAttribute("name", n);

        if(LoginDao.validate(n, p)){  
            RequestDispatcher rd=request.getRequestDispatcher("welcome.jsp");  
            rd.forward(request,response);  
        }  
        else{  
            out.print("Invalid Credentials"); 
            RequestDispatcher rd=request.getRequestDispatcher("index.jsp");  

            rd.include(request,response);  


        }  

        out.close();  
    }  
}  
John Bollinger
Krishna
  • I have slightly formatted your code. I have also substantially rewritten the text of your question to conform better to our standards and in particular to express more specifically what (I think) you are asking. Please edit it further, if necessary, to correct any misunderstandings I may have had. – John Bollinger Dec 30 '16 at 15:42
  • Be aware, however, that you seem to have at least two separate questions there (login page refresh on one hand, "forward" and "back" buttons on the other), and you present a lot of code. Also, even with my edits, the question is quite broad. We generally expect rather specific questions, and a [mcve] for "help me with my code" questions -- with emphasis in this case on the "minimal" part. – John Bollinger Dec 30 '16 at 15:45
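
One way to get both behaviours asked for in the question, as an added example that is not part of the original post: the servlet answers every POST with a redirect and carries the error as a one-shot session attribute, while a filter marks both JSPs `no-store`, ends the session whenever the login page is shown, and refuses `welcome.jsp` without a logged-in session. Assumptions: a Servlet 4.0 container (for `HttpFilter` and annotation mapping, which replaces any `web.xml` entry for the servlet), the question's `LoginDao`, and the hypothetical names `PageGuard` and `loginError`.

```java
package com.test.servlets;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import com.test.dao.LoginDao;

@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {
    // POST never renders a page; it always redirects (Post/Redirect/Get), so a refresh
    // repeats a plain GET instead of replaying the POST result.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String n = req.getParameter("username");
        boolean ok = LoginDao.validate(n, req.getParameter("userpass"));
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();      // fresh session ID for every attempt
        HttpSession s = req.getSession(true);
        if (ok) {
            s.setAttribute("name", n);          // set only after validation succeeded
            resp.sendRedirect(req.getContextPath() + "/welcome.jsp");
        } else {
            s.setAttribute("loginError", "Invalid Credentials"); // one-shot message
            resp.sendRedirect(req.getContextPath() + "/index.jsp");
        }
    }
    // Hypothetical guard for both JSPs (the name PageGuard is an assumption of this example).
    @WebFilter({"/index.jsp", "/welcome.jsp"})
    public static class PageGuard extends HttpFilter {
        @Override
        protected void doFilter(HttpServletRequest req, HttpServletResponse resp,
                FilterChain chain) throws IOException, ServletException {
            resp.setHeader("Cache-Control", "no-store"); // back/forward must re-request
            HttpSession s = req.getSession(false);
            if ("/index.jsp".equals(req.getServletPath())) {
                if (s != null) {                // showing the login page ends any session
                    req.setAttribute("loginError", s.getAttribute("loginError"));
                    s.invalidate();
                }
            } else if (s == null || s.getAttribute("name") == null) {
                resp.sendRedirect(req.getContextPath() + "/index.jsp");
                return;
            }
            chain.doFilter(req, resp);
        }
    }
}
```

For the message to appear, `index.jsp` has to print the `loginError` request attribute, HTML-escaped (for example with JSTL `<c:out>`).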

0 Answers