Securing a jsp page

Question

I am developing a web application in jsp. In that application here is a page direction flow->

page A -> page B -> page C

Final page C should only be seen if the user visits B and B can only be seen if the user visits A. How to make that possible in jsp. Should I use session-cookie only or there is any other way? I am new in servlet. Any ideas or links would be very helpful for me.

NB: if cookie is generated then anyone can request the C page with that cookie in the headers. How to make it more secure?

Answer 1

Better way is to go with session.

setting Attribute value in B jsp like session.setAttribute("isPassedB","YES");

In C jsp

                 if(!session.getAttribute("isPassedB") !=null) {

//do your allert with redirection }

Dont forget to set the session attribute as null in A jsp

Second way is, in B jsp to V jsp link just submit the value with hidden parameter

check that parameter in c jsp and do the validation

Answer 2

There are many ways to tell if a user visited page A, and/or B.

If you want to only reinforce the security of your current system, then I recommend using a hashing algorithm, such as SHA256 or MD5, and then hash the user's IP address before storing it, and then hashing the user's IP address the next time they visit.

Also If you have a PHP server set up, you can use that to store weather the user has visited the page yet, either via a database, or a file containing IP addresses.

Another way you can do this is to put all of the HTML in one file, and use JavaScript to swap them out, and then have full control of what page the user sees first. Think of this option as the settings app of a phone; it has a list of buttons, each of which bring you to another page, all of which are contained in the same app.