I am currently developing a web application in J2EE with one servlet and JSP that contains a shopping cart. I would like to know how to prevent the user from modifying the id of the item that is in the URL, because when he does, it automatically adds an item to the cart.

Here is the example: http://localhost:8080/Online_library/BookServlet/addToBasket?action=addToBasket&idBook=63&idUser=4 If I change the id to 64, for example, it will add the item with id 64. I would like to do the same thing for other actions, like changing the settings of an account, for example.

  • I guess that if you change idUser, it will modify the shopping cart of another user... isn't it? One solution can be to use the httpSession to keep track of the item and the user instead of passing everything in the URL. – ben75 Apr 22 '21 at 10:54
  • Hi ben, thank you for your answer. I'm already using a session, and if I changed idUser in the URL nothing happens; it doesn't change anything in the DB, it's only for the shopping cart. – Souhaib Apr 22 '21 at 11:36
  • You should use GET only to load data, not to modify data. Use POST instead to modify data. Otherwise plain links or even search bots cause new items to be added to the cart. This is not how the Internet is supposed to work. Take a step back and learn the basic idea behind the HTTP GET and POST verbs. The above-linked duplicate is a good start. By the way, "J2EE" was renamed to "Java EE" in 2006 and further renamed to "Jakarta EE" in 2019. Technology moves quickly. Make sure you're using up-to-date resources to learn the technologies and not some random "tutorial" site full of advertising banners. – BalusC Apr 22 '21 at 12:08

0 Answers
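The two suggestions in the comments (take the user from the session rather than the URL, and change the cart only on POST) can be combined in one handler. The servlet below is an added example, not code from the question or the commenters; the class name, the URL mapping, the session attribute names `userId` and `basket`, and the `KNOWN_BOOKS` set standing in for a database lookup are assumptions. It uses the `javax.servlet` API; on Jakarta EE 9+ the package is `jakarta.servlet`.

```java
import java.io.IOException;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: names and mapping are assumptions for illustration.
@WebServlet("/basket/add")
public class AddToBasketServlet extends HttpServlet {

    // Constructed stand-in for "does this book exist?" (normally a database query).
    private static final Set<Integer> KNOWN_BOOKS = Set.of(63, 64);

    // doGet is deliberately not overridden: HttpServlet then rejects GET,
    // so a plain link or a crawler cannot add items to the cart.
    @Override
    @SuppressWarnings("unchecked")
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Identity comes from the server-side session only; an idUser
        // request parameter, if sent, is never read.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("userId") == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // idBook is still client-supplied, so validate it instead of trusting it.
        int idBook;
        try {
            idBook = Integer.parseInt(req.getParameter("idBook")); // null also throws
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (!KNOWN_BOOKS.contains(idBook)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // The basket lives in the logged-in user's own session.
        synchronized (session) {
            Set<Integer> basket = (Set<Integer>) session.getAttribute("basket");
            if (basket == null) basket = new LinkedHashSet<>();
            basket.add(idBook);
            session.setAttribute("basket", basket);
        }
        // Redirect after POST so a page refresh does not resubmit the form.
        resp.sendRedirect(req.getContextPath() + "/basket");
    }
}
```

A user can still post any existing `idBook`, which is expected for a shop: the server's job is to confirm the book exists and that the change lands only in the session owner's cart. For actions such as changing account settings, the same pattern applies: load the record by the session's `userId`, never by an id taken from the request.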