This is unintended behavior since sensitive pages that involve modifying items in the database should require a user to be logged in first.
To fix this, a check should be done before loading a page to see if a user is authenticated or not. If they are not authenticated, they should be redirected to the home page.
Some pages that should be protected by being logged in are currently accessible without being logged in.
For example, by navigating to novaemergency.live/novaweb/accountability.jsp, you are presented with all of the options for accountability without being logged in.
This is unintended behavior since sensitive pages that involve modifying items in the database should require a user to be logged in first.
To fix this, a check should be done before loading a page to see if a user is authenticated or not. If they are not authenticated, they should be redirected to the home page.