(Replying to the list because my direct reply bounced...)
> -----Original Message-----
> From: Srini Sathya. [SMTP:[EMAIL PROTECTED]]
>
> Can u shed more light in this one. How can create pages in the fly
> instead
> of having 3 dynamic pages.
>
> I can able to store my userid in the session. From what i understand is
> that, i have a login.jsp which validates the loigin and stores the ID in
> the
> session and forward the request to the myPage.jsp which will take the
> UserId
> and build the dynamic pages is this right??
My thought was to have the following code in myPage.jsp:
<jsp:include page=<%= request.getRemoteUser() + ".jsp" %> flush="true" />
(assuming you are using HTTP authentication)
to include the user-specific content in myPage.jsp. That way, the user
would not be able to subvert
the userid and request the content intended for another user.
Keep in mind that you cannot set headers in one.jsp etc., because it is the
function of myPage.jsp to do that.
Chris
> -----Original Message-----
> From: Polley Christopher W
>
> If you are using HTTP authentication,
> javax.servlet.http.HttpServletRequest.getRemoteUser() provides the remote
> userid, or login.jsp could store the userid in the session -- this could
> be
> used to provide the page from a single URL (i.e. myPage.jsp) instead of a
> user-specific URL (one.jsp, two.jsp, ...) and have myPage.jsp send the
> appropriate contents based on the user id.
>
> Chris
>
> > -----Original Message-----
> > From: Srini Sathya. [mailto:[EMAIL PROTECTED]]
>
> > I have a login.jsp page which creates a session and put some values in
> it.
> > Depending upon the login i need to create the jsp pages in the fly. I
> > have
> > 3 different types of jsp pages to be created for example:
> >
> > if the user name is one then i will create one.jsp
> > if the user name is two then i need to create two.jsp etc.,
> >
> > My problem is that since i am creating the session in the login.jsp a
> user
> > who logged as one can now able to access the details of the two too.
> >
> > I have restricted in the main page of all the users whether a session
> > exists
> > and then if not asking them to login. But now one user is logging as
> one
> > and he can able to change from one to two. How to prevent this??.
> Should
> > i
> > create multiple sessions or is there any workaround for this.
> >
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
