my first login.jsp which contans 2 fields userid and password and a login button on submit of the login auth.jsp will get called which check for the username and password if the username and password is correct it will execute the following code
and if everything is allrite than it will redirect to home.jsp
same as home2.jsp and so on...
But when i go directly to home.jsp or home2.jsp using address bar of my browser it is not checking for session
and also in my console there is no output for following line...which is in mu home.jsp,home1.jsp and home2.jsp
is there any perticuler reason for this behaviour ??? If i'm using the wrong technique what is the right technique to prevent user from accessing internal pages without going through login page ???
thanks in advance [ February 28, 2007: Message edited by: Jigar Naik ]
A search will turn up lots of good resources. But the premise is pretty simple: a filter that is invoked for all protected resources determines if an authentication token is present on the session. If so, the filter allows the requested resource to proceeed. If not, it forwards or redirects to a login page.
Upon successful login, the token is placed on the session. Upon logout it is removed. A session timout automatically emulates a logout.
One of the great benefits is that you don't need to put any goo on the pages themselves.