1) When user logs on using the logon page, create
a new session.
2) When getting the session on non logon page, check
to see if the session is new. You can do this using the isNew() method.
If so, then redirect the user to the logon page.
Jean
"Gopalankutty, Ravi Kumar (CTS)" wrote:
Hi list,
I am validating any client against a login and password on the first page (say index.html) and subsequently take him to my home page (say http://mysite.com/myhomepage.html). Suppose someone stumbles upon the homepage url and types it directly rather than go through the verification process. How do I prevent such access. Do session ids serve any purpose. Maybe I can do it with cookies????
I am running Apache Web Server V1.3.9 on Windows NT 4.0 and have JSDK 2.0, JServ 1.0, and JDK 1.2.
TIA
Thanks k Regards
Ravi Kumar Gopalankutty
Cognizant Technology Solutions,
Ph: 044-2354281 Extn:4423
e-mail: [EMAIL PROTECTED]
_______________________________________________________________
