I'm making a voting software for the school elections. Im using HTML, CSS Javascript for frontend, and Servlets for backend. I have an issue with auth [duplicate]

Im using HttpServlets.There is a login page where users can login. The data goes to a login servlet, which turns the user to authenticated user, and the auth servlet allows user to enter admin.html. If not authenticated, then auth servlet denies access and redirects back to index.html(login page).To ensure that the user does not directly go to admin.html and bypass login, I have a code in Javascript on admin.html.

When i login with correct details, it takes me to admin.html for one second, and then redirects me back to index.html. This is not supposed to happen. after i remove the javascript from admin.html, it allows me to stay, but users can directly access admin.html thereby bypassing login.I need help only for this Auth thing.(gr is like username, password is password)

This is AuthServlet:

package com.UVS;import java.io.IOException;import jakarta.servlet.ServletException;import jakarta.servlet.annotation.WebServlet;import jakarta.servlet.http.HttpServlet;import jakarta.servlet.http.HttpServletRequest;import jakarta.servlet.http.HttpServletResponse;import jakarta.servlet.http.HttpSession;@WebServlet("/checkAuthentication")public class AuthServlet extends HttpServlet {    private static final long serialVersionUID = 1L;    protected void doGet(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        HttpSession session = request.getSession(false);        String requestURI = request.getRequestURI();        // Skip redirection if user is trying to access the login page        if (session == null || session.getAttribute("authenticated") == null) {            if (!requestURI.endsWith("index.html")) {                response.sendRedirect("index.html"); // Redirect to login if not authenticated                return;            }        }        // Redirect to the requested page if user is authenticated        if (session != null && session.getAttribute("authenticated") != null && requestURI.endsWith("admin.html")) {            return; // Allow access to admin.html if authenticated        }        // Redirect to index.html by default        response.sendRedirect("index.html");    }}

This is Javascript from admin.html:

<script>//Check if the user is authenticatedfunction checkAuthentication() {    fetch('/checkAuthentication')        .then(response => {            if (!response.ok) {                window.location.href = 'index.html'; // Redirect to login if not authenticated            }        })        .catch(error => {            console.error('Error:', error);            alert('An error occurred while checking authentication status.');        });}document.addEventListener('DOMContentLoaded', () => {    checkAuthentication();});</script>

This is LoginServlet:

package com.UVS;import java.io.IOException;import jakarta.servlet.RequestDispatcher;import jakarta.servlet.ServletException;import jakarta.servlet.annotation.WebServlet;import jakarta.servlet.http.HttpServlet;import jakarta.servlet.http.HttpServletRequest;import jakarta.servlet.http.HttpServletResponse;import jakarta.servlet.http.HttpSession;@WebServlet("/login")public class LoginServlet extends HttpServlet {    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {        String gr = request.getParameter("gr");        String password = request.getParameter("password");        String redirectPage = validateLogin(gr, password);        if (redirectPage != null) {            // Set session attribute to indicate user is logged in            HttpSession session = request.getSession();            session.setAttribute("authenticated", true);            // Redirect to the specified page            response.sendRedirect(redirectPage);            return; // Return after redirect to prevent further execution        }        // Handle failed login        response.sendRedirect("index.html?loginFailed=true"); // Redirect to index.html with loginFailed parameter    }    private String validateLogin(String gr, String password) {        // Dummy validation logic (replace with actual validation)        if (gr.equals("2398") && password.equals("mango")) {            return "jvc.html"; // Redirect to jvc.html if gr is 2398 and password is mango        } else if (gr.equals("0000") && password.equals("admin")) {            return "admin.html"; // Redirect to admin.html if gr is 0000 and password is admin        } else {            return null; // Return null for failed login        }    }}

This is the web.xml:

*HIDDEN INFO*<servlet><servlet-name>abc</servlet-name><servlet-class>com.backend.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>abc</servlet-name><url-pattern>/add</url-pattern></servlet-mapping><servlet><description></description><display-name>AuthenticationFilter</display-name><servlet-name>AuthenticationFilter</servlet-name><servlet-class>com.UVS.AuthenticationFilter</servlet-class></servlet><servlet-mapping><servlet-name>AuthenticationFilter</servlet-name><url-pattern>/AuthenticationFilter</url-pattern></servlet-mapping></web-app>