This is my case: I have a top.jsp file which I include in every page. It not only has all the stuff of the page header and all the links it also contains a part which does a security check. Meaning if someone�s session is expired or for any other reason does not have a valid session to view that page I want to redirect them to somewhere else.
I have tried this in many ways and have not succeeded. I get errors such as I can not redirect to a new page since the server has committed to a response. I know there are better ways to handle the security check but out of curiosity am wondering is there any way to accomplish this task?
> user logs in > after a valid login we place a boolean variable, say isValid, in his session > upon each and every request we used to check that variable from session, whether it is true or null > if true continue > otherwise redirect to the login page
You can use requestDispatcher.forward(request, response) method to forward the request to login page.
Joined: Oct 04, 2005
Maybe I wasn’t very clear explaining myself. The question is if we have a include page such as a top.jsp or header.jsp can we have any form of forward or redirect inside that include page?
I have some experience with coldfusion and this task is simply done. In any <cfinclude > you can have a <cflocation > since coldfusion has a java core I was wondering how can we achieve the same in jsp?
Depends on type of includes I use, on some it doesn’t redirect the page but as soon as it gets to that condition on which it is suppose to redirect it stops. So I get the page to that point and nothing after that. The other case is that it throws and error saying that the server is already making a response page and you cant forward or redirect to another page.
A redirect will cause an illegal state exception if it is issued after the response has been committed. So including a JSP that contains one after some output has been generated is an iffy thing to do. Depending upon the state of the output buffer, you may get an exception or you may not.
Best practice is to factor out any forwarding or redirecting decisions to the servlet controller for the page. If you are still including scriplets on your pages, at least make such decisions at the beginning of the page before any output can be emitted.
Other than that, a redirect within an include is ignored. [ January 30, 2006: Message edited by: Bear Bibeault ]