I recently made a B / S system in Java, in order to prevent unwaver access systems, I adopted the session object. If the user logs in the system through the landing page, after the login is successful, use session.setttribute ("UserID", userid; written to the Session object. I am added to the server program:
:
:
HttpSession session = request.getations (TRUE);
IF (session.isnew ())
{
Response.sendRedirect ("login.htm");
}
Else
{
String userid = (string) session.getattribute ("UserID");
IF (userid == NULL)
Response.sendRedirect ("login.htm");
Else
{
:
:
If the user did not pass the landing page, the session object is certainly new.
If the user has access to the system's other no login, you can access the page, then the session object has been created, session.isnew () returns
False. Then need to determine if the userid is empty.
