0

org.apache.jasper.JasperException: An exception occurred processing JSP page /Admin.jsp at line 25

22: }
23: }
24: }
25: if(!ourcookie.getValue().equals("authval"))response.sendRedirect("Login.jsp?ref=nocookie");
26: %>

Following is the code:

<%
Cookie[] cookies=request.getCookies();
Cookie ourcookie=null;
if(cookies!=null)
{
for(int i=0;i<cookies.length;i++)
{
if(cookies[i].getName().equals("auth"))
{
ourcookie=cookies[i];
}
}
}
if(!ourcookie.getValue().equals("authval"))response.sendRedirect("Login.jsp?ref=nocookie");
%>
Raghavendra
  • 5,281
  • 4
  • 36
  • 51
  • 1
    It says that "an exception" has thrown. Why don't you lookup it and read its message? It contains the whole answer at its own. – BalusC Feb 26 '12 at 11:37

1 Answers1

1

You don't check that ourcookie is not null before calling its getValue() method, and that probably throws a NullpointerException for non-authenticated users. Examining the logs and/or executing this code through a debugger would confirm it.

Important note: relying on the presence and value of a cookie to know if someone is authenticated is very dangerous: any script kiddie is able to send such a cookie with its requests, without the need to go through your authentication procedure. Don't rely on data coming from the client to know if a user is authenticated. Store an authenticated flag in the HTTP session, which stays at server-side.

Side note: your Java code should be indented to be much more readable, and it shouldn't be in a JSP. Scriptlets should not be used anymore. See How to avoid Java code in JSP files?.

Community
  • 1
  • 1
JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255