0

I want to prevent user from going back to Login page if he already logged in

 if (req.getRequestURI().indexOf("Login.jsp") != -1 || req.getRequestURI().indexOf("LoginE.jsp") != -1) {

                   System.out.println("trtying to go to login");

                 //what should I write here to redirect the user to the page he was already in ??
             }
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
palAlaa
  • 9,500
  • 33
  • 107
  • 166

2 Answers2

1

Just check if the user is already logged in and then redirect to the desired target page. Assuming that user represents the logged-in user which you've grabbed from the session, here's an example:

if (req.getRequestURI().indexOf("Login.jsp") != -1 || req.getRequestURI().indexOf("LoginE.jsp") != -1) {
    if (user != null) {
        response.sendRedirect("already-logged-in.jsp");
        return;
    }
}

where that page look something like

<p>You appears to be already logged in. If you want to login as someone else, 
   please use the <a href="logout">logout</a> link to logout, or navigate to a
   different page by menu on the left hand side.</p>

I would also hide the link to the login page altogether when the user is already logged in, just to prevent that the user clicks that accidently or something.

<c:if test="${empty user}">
    <a href="Login.jsp">Login</a>
</c:if>

Unrelated to the concrete problem, what's that with Login.jsp and LoginE.jsp? Is the one in native language and the other in English? You may want to invest some time in JSTL localization facilities. How to internationalize a Java web application?

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • the problem is how to get the "already-logged-in.jsp" the user may type login.jps in the url, and since he's logged in, the login page shouldn't be shown to him, I have multiple roles in the system, and couldn't specify the previous requested page . thanx for new information about different languages. – palAlaa Aug 19 '11 at 16:04
  • 1
    Just do as I demonstrated in the code example: send a redirect. Don't forget to `return;` or introduce an `else` so that the filter code doesn't reach any `chain.doFilter()` call further in the method! – BalusC Aug 19 '11 at 16:12
  • I can't write sendRedirect("AdminControlPanel.jsp"); for example becouse another user doesn't have the privilege to open this page, I want a way to get the previous requested page for any request for any user. – palAlaa Aug 19 '11 at 16:19
  • 2
    I have never suggested to redirect to that kind of page. Just create a new global error page and redirect to that. It's enduser's mistake after all. The enduser has to be informed about that in a clear manner. If the enduser get redirected to a completely different page when s/he clicks login, it'll only give a "wtf?" experience. Redirecting to referrer page is not going to work reliably as the referrer value can be spoofed (edited) by the client. Storing all previous requests in the session is cumbersome. – BalusC Aug 19 '11 at 16:21
0

Depending on how your user got to the Login.jsp request, you may have lost the info about the previous request. Have you tried looking at the "Referer" header to see if the previous page is in there? You could use req.getHeaders("Referer");

If there is no referrer information, you will have to manage a Session attribute for the user, called something like "lastRequestURL". That way you can retrieve it in your code above using: req.getSession().getAttribute("lastRequestURL") and redirect the user to that value.

Mike G
  • 4,713
  • 2
  • 28
  • 31
  • The user may type login,jsp in the url. I tried req.getHeaders("Referer") here's what I get "com.sun.grizzly.util.http.ValuesEnumerator@16becb3" what does that mead? – palAlaa Aug 19 '11 at 13:37
  • 1
    So if they type login.jsp in the url, there is no previous page to send them to. "Referer", or "Referrer" is the originator of the request: http://en.wikipedia.org/wiki/HTTP_referrer. Also, req.getHeaders return an Enumeration...you can't just call toString on it you have to loop over it. – Mike G Aug 19 '11 at 13:39
  • Is it reasonable to put the lastRequestUrl in each page the system? referer should works with me, but I wonder if I have to put a value within it, or it by default get the value of the lasr request url! – palAlaa Aug 19 '11 at 14:29
  • You don't need lastRequestUrl in each page, only in a ServletFilter. Setup a ServletFilter to setAttribute("lastRequestURL", url). – Mike G Aug 19 '11 at 14:31