I am working on an MIS project and currently I am creating a login system for it.
I am using servlets on the server side and jQuery on the client side for Ajax calls.
There is a login page which first checks the login status through an Ajax call, and if the user is already logged in, it changes the page location to ‘services.html’.
When services.html loads, I again check the login status, and if the user is not logged in,
I change the page location to ‘Login.html’ using

    document.location='Login.html';

The code looks like this:

    $(document).ready(function() {
        $("#login").hide();
        // Ask the checkLogin servlet for the current login status (XML response).
        $.post("checkLogin", function(xml) {
            var status = $(xml).find("result").text();
            if (status == "yes") {
                document.location='Login.html';
            }
            else {
                // Do Nothing.
            }
        });
    });

Now the problem with the services.html page is that it checks the login status after the full page is loaded into the browser.
I don’t know any other good way to restrict non-logged-in users from accessing the ‘services.html’ page. As this project is quite big, I have to create a large number of private pages similar to ‘services.html’, like ‘stuInfo.html’ for accessing student information, etc.
Could anyone please tell me a good way to do this?
You should check this on the server side, not on the client side. JavaScript runs on the client side and is disableable, hackable and spoofable. You don’t want your application to be that weak.
Put all the restricted pages in some folder, e.g. /secured, and then create a Filter which is mapped on an <url-pattern> of /secured/* and checks the presence of the logged-in user in the doFilter() method. An example can be found in the servlet-filters tag info page.