I have a problem that's when I connect with two differents users using servlet and JSP , infromations of the first user keeps shown when I connect with any other user even I invalidate session when the connected user logout and I'm using
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />
in all JSP pages , any other ideas please ? Thanx
you can copy and paste this code in every page of your site which clears the cached page.
<%response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", 0);
if(session.getAttribute("some_token")==null)
response.sendRedirect("login/login.html");
%>
In logout you must be invalidating session so when you click back it would check the some_token attribute value in session and if not there it will redirect you to login page . But remember after login you are setting some_token attribute in session.
Related
It is a JPA and
I`m getting the word "descri��o" on DB, and in my debug on serverside, right before the persistence, when it receives from the Form it is like "descri��o".
I have a form, <form action="..." method="post">, it has some fields and sends to a REST service, #post, and is in there that my breakpoint comes and show it.
I used <meta http-equiv="Content-Type" content="text/html" charset="UTF-8" /> on the head of the form HTML page, but it is still not as I want...
Problem: bad characters on server side.
Thanks a lot.
The meta tag is invalid ...
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
This should fix issue with the form.
You can also try the form accept-charset attribute.
Short version-display home page only if session is already created
Details
I have a login.html. It links to validation.jsp. It checks for password and then redirects to the following page.
But I want that this following page to be displayed only when the
validation is true. Otherwise if someone enters the link to the page
and finds that the page has not been logged into, it will prompt to
do it so.
It worked fine in the servlet. I created a new session in validation page
and set request.getSession(false) in the home page.
but this doesnt seem to work in jsp. If I set session=false in the page
directive, then I can not access session object at all. and if I
explicitly do what I have done in the page, it still doesn't work!!
<%# page language="java" import="java.io.*"
contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"
import="java.util.*;"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
session=request.getSession(false);
if(session==null)
{
out.println("please login");
}
else
{
out.println("how did it run!!! ??");
out.println(application.getAttribute("one"));
out.println(session.isNew());
out.println(session.getId());
out.println("<form action='logout.jsp' method='post'>");
out.println("<input type='submit'>");
out.println("</form>");
}
%>
</body>
</html>
You don't use if(session==null) to determine if someone is logged in. Sessions are generally created automatically, and besides, you might want to use a session for something even before login. You check for a specific session attribute.
String userid = (String)session.getAttribute("userid");
if(userid!=null)
{
out.print("logged in as:" + userid);
}
Of course in the login code you have to set it:
session.setAttribute("userid", userid);
There is also no need to call request.getSession in JSP. In a servlet you would need to, but in JSP the session object is already populated with request.getSession for you.
Edit:
When you do the session=false directive then the session object isn't declared so you'll need not just to set it but actually declare it: HttpSession session = request.getSession(false); Then you will get session=null, but its dangerous to rely on this for security, as going to a page where you didn't set session=false will create the session, and your code will then think someone was validly logged in, when they were not. Even if you are certain that you put session=false everywhere, you might miss a spot, or more likely, the next developer after you will not understand you did it this way, and a security disaster is just waiting to happen.
Using session=false is intended for performance boost not security. E.g. you have a faq page that doesn't care about sessions, set session=false so people going to that link doesn't create sessions and waste memory.
A JSP creates a session by default. If you don't need session then use following
<%# page session="false" %>
I am using gwt and the gwt is including in my jsp like below
Once i clicked the menu item it is taking me to myJsp.jsp which includes gwt module and i am displaying form with upload button.
Once i click the upload, it is uloading a file (and get the blobKey) and returns back to the same jsp(myJsp.jsp) but here before dispatching to this jsp(second time) i am setting one attribute in the request.
I am trying to get that attribute in the jsp by using ${ImportId} but i am getting empty value.
The below is my jsp.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%# page contentType="text/html;charset=UTF-8" language="java" %>
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<script type="text/javascript" language="javascript" src="/ActivityLog/ActivityLog.nocache.js">
</script>
</head>
<body>
<iframe src="javascript:''" id="__gwt_historyFrame" tabIndex='-1' class="iframe"></iframe>
<div class="wrapper">
<input type="hidden" name="memcacheHeaderId" value="${importId}" />
<div id="activityLogModule">
</div>
</div>
</div>
</body>
</html>
When ever executing gwt module ${importId} is null.
Second time before dispatching to this jsp, i am setting request.setAttribute("importId", importId); but in the jsp i am not getting this value
What might be the reason, Is there scope problem?
the only reason is you are setting value in request, as your request is completed, server discard your request.
when you are setting
request.setAttribute("importId", importId);
Than you must be redirecting to the JSP, which creates a new Request for the JSP to the Server. Meaning server creates a new request object and does not remembers the old object with your attribute set into it.
I am not much aware of gwt but in JSP-Servlet, there are 2 mechanisms 1)Redirect and 2)Forward. we use Forward mechanism to go to the JSP with the Same request object, so the attribute which is set into the Object is available on the JSP as well, because it is a copy of the request object passed in the Request.
So please check what you can do in GWT.
i have a requirement that only one user will be allowed to log in using one login id and password that means not two users will be allowed to login using the same username and id.so i thought to make a field in my Db to store the ipaddress.Suppose A has logged in then his ip address will be stored in Db and now if B wants to login then he will get alert that this user has already logged in and the ip address is A's ipaddress.and for that purpose i am using
<%# page import="java.net.*" %>
<%# page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
out.println("remote address "+request.getRemoteAddr());
out.println("remote host "+request.getRemoteHost());
out.println("remote port "+request.getRemotePort());
out.println("remote user "+request.getRemoteUser());
//out.println(InetAddress.getLocalHost().getHostAddress());
out.println(request.getRemoteAddr());
//out.println(InetAddress.getLocalHost().getHostAddress().toString());
%>
</body>
</html>
but i am not getting the exact ipaddress.please tell me how to get the ipaddress.if you think this way of storing ipadddress in Db and alerting to duplicate user is not wise then yours suggestions are also welcome
remote address 0:0:0:0:0:0:0:1 remote host 0:0:0:0:0:0:0:1 remote port 38059 remote user null 0:0:0:0:0:0:0:1
For some reason, request.getRemoteAddr() did not work for you. It is quite impossible to say why without knowing the company's network you are working in.
However, you do not even need the IP-address for that. Just keep a flag if the user is currently logged in:
User | logged in?
-----+------------
A | Yes
B | No
C | No
Now, if a user tries to login, check if he/she is already logged in. If so, display an error message and avoid login.
You need to reset this flag
When the user logs out (clicking the "logout" button)
After the session times out (you can use a HttpSessionListener for that), in case that the user did not click "logout". Note: If you have a high session timeout (like 30 minutes), and the user forgets to click "logout", he/she will not be able to login for the rest of the session.
After the application is redeployed, if all sessions are destroyed then.
I'm using a captcha in my JSF page (not recaptcha or randomly generated image value, etc). Initially it gets its value from CaptchaServlet. I want to add "refresh image" button without refreshing the whole page, but the code below doesn't work.
<h:panelGrid id="grid" columns="1" style="margin-bottom:10px">
<h:graphicImage id="capimg" value="#{facesContext.externalContext.requestContextPath}/../Captcha.jpg"/>
</h:panelGrid>
The refresh button with PrimeFaces <p:commandButton>
<p:commandButton value="This" process="#this" update="grid" onclick="#{facesContext.externalContext.requestContextPath}/../Captcha.jpg"/>
refreshes the whole page.
Do you have any suggestions? Can I use a managed bean and forward to a servlet?
The <p:commandButton> uses Ajax to asynchronously update parts of the page. However, it requires that all necessary JavaScript libraries are included to do all the Ajax works. This should automatically happen when you have a <h:head> instead of a <head> in the master template. The JSF 2.0 resource management will then include the necessary <script> elements in there. If you have read the server logs, you should have noticed warnings that this has failed because the <h:head> is missing.
Here's how a minimum JSF 2.0 Facelet master template should look like, with PrimeFaces taglib declared:
<!DOCTYPE html>
<html lang="en"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.som/jsf/core"
xmlns:h="http://java.sun.som/jsf/html"
xmlns:ui="http://java.sun.som/jsf/facelets"
xmlns:p="http://primefaces.prime.com.tr/ui">
<h:head>
<title>Page title</title>
</h:head>
<h:body>
<h1>Put your content here</h1>
</h:body>
</html>
Please note the <h:head> and <h:body> instead of <head> and <body>. Rightclick the generated HTML page in the webbrowser an choose View Source. You should see the included <script> elements in there.
Update: get rid of the onclick attribute. It's not valid JavaScript code. Further you also need to ensure that the servlet response with the image is not cached by the webbrowser. You can do that by adding the following headers before you write any bit to the response:
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.