Request Authentication
Hello all,
I have a small query. Suppose you have a very secure site. Now, after the user has logged in, the user copies the URL from the address bar of the browser. Then, in the same browser window, the user opens another site (google.com). Now the user pastes the copied URL into the address bar. Here the request bypasses the login page and the user sees the first page of the application. How can this be avoided? A classic example is a banking website, for example www.icicibank.com. On this website the above situation does not arise, as (I guess) each and every request is being authenticated by the web application.
Please help me!!!
[664 byte] By [Kanua] at [2007-10-2 17:19:43]

ICICI Bank in fact uses the standard session tracking mechanism that is a required feature of any servlet/web container, i.e. a user session can be tracked in various ways without asking the user to re-authenticate every time. The various ways are using cookies (in this method the server sends cookies to the client and the client sends the cookies back to the server during subsequent requests) and using URL rewriting (if the client doesn't support cookies then URL rewriting can be used; this involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session). So the session tracking mechanism is in fact a benefit provided to the user to access web resources without re-authenticating every time, so the scenario you are quoting is expected behaviour; this is not a flaw or a defect.
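
The per-request session check discussed in this thread, as an added sketch that is not part of the original posts. It models the server side only; the names `SessionStore`, `handle`, `SESSIONID` and the 300-second idle timeout are assumptions made for illustration, not any bank's or container's actual code.

```python
import secrets

IDLE_TIMEOUT = 300  # seconds; assumed value for this sketch

class SessionStore:
    """Server-side table: session ID -> user and last-seen time."""
    def __init__(self):
        self._sessions = {}

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)          # unguessable session ID
        self._sessions[sid] = {"user": user, "seen": now}
        return sid                               # sent to the browser as a cookie

    def logout(self, sid):
        self._sessions.pop(sid, None)            # invalidate on the server

    def authenticate(self, sid, now):
        """Runs on every request; returns the user, or None if not logged in."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["seen"] > IDLE_TIMEOUT:   # idle too long: drop the session
            del self._sessions[sid]
            return None
        entry["seen"] = now
        return entry["user"]

def handle(store, path, cookies, now):
    """Hypothetical handler: every protected path passes through the check."""
    user = store.authenticate(cookies.get("SESSIONID"), now)
    if user is None:
        return 302, "/login"
    return 200, f"{path} for {user}"

def demo():
    """Constructed request sequence; 'jar' stands for the browser's cookies."""
    store = SessionStore()
    jar = {"SESSIONID": store.login("alice", now=0)}
    results = [
        handle(store, "/account", jar, now=10),   # normal click
        handle(store, "/account", jar, now=60),   # pasted URL, same browser
        handle(store, "/account", {}, now=70),    # pasted URL, no session cookie
        handle(store, "/account", jar, now=500),  # after the idle timeout
    ]
    jar = {"SESSIONID": store.login("alice", now=600)}
    store.logout(jar["SESSIONID"])
    results.append(handle(store, "/account", jar, now=610))  # after logout
    return results
```

The pasted URL succeeds in the same browser only because the session cookie is still sent with it; once the server drops the session (logout or idle timeout), the same URL lands on the login page.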