I want to be able to detect when an invalid request has been sent, i.e. accessing an application via a bookmark link but obviously still has a valid session. Or let's say a user is in java.sun.com/form.jsp and changes the URL to www.google.com and then a few minutes later changes the URL back to java.sun.com/form.jsp.
How can I detect that the request above is not valid and therefore invalidate such a session (forwarding the user to login.page)?
I have read about Struts tokens, but considering Struts now will require a lot of work because of how our architecture is right now.
I would like to implement this using a Filter class. Can someone please shed some light on how I can achieve this without Struts?
Thanks in advance.
[ October 18, 2008: Message edited by: Steve grand ]
Sorry Bill - what I meant there by invalid request: let's say you are in java.sun.com/form.jsp and then you bookmark this page, and you navigate to www.google.com, and then five minutes later you re-access java.sun.com/form.jsp, this time via the bookmark link (this request is what I am referring to as an invalid request).
In a nutshell, I would like to invalidate a user's session if they leave my application (website), more or less like logging out the user.
Choosing the term "invalid" for that is confusing... there's nothing truly invalid about it.
You might be able to achieve this extremely bizarre requirement by checking the referer header (yes, it's misspelled) but that's not guaranteed to always work -- in fact, in the scenario you mentioned, bookmarks, it likely won't.
Probably the only other thing you can do is to use an extremely short session timeout value.
Have you asked the framers of these requirements why they want to alienate their users in this fashion?
subject: Synchronized Tokens (Web Application Control Flow)
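
The Referer check suggested in the reply, written as a servlet Filter without Struts. This is an added example, not code from the thread; the class name, the `/login.jsp` path and the choice to treat a missing header as "entered from outside" are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: ends the session when a request with a live session
// does not arrive from a page of this same site.
public class SameSiteEntryFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp"; // assumed path

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create one here
        String path = req.getRequestURI().substring(req.getContextPath().length());

        // Nothing to enforce without a session, or on the login page itself.
        if (session == null || path.equals(LOGIN_PAGE)) {
            chain.doFilter(rq, rs);
            return;
        }
        if (!cameFromThisSite(req.getHeader("Referer"), req.getServerName())) {
            session.invalidate();
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(rq, rs);
    }

    // The header is supplied by the client and is often absent: bookmarks and
    // typed URLs send none, and browsers or proxies may strip it. A missing
    // value is therefore ambiguous; this filter takes the strict reading, so
    // users whose header is stripped are logged out on every request.
    static boolean cameFromThisSite(String referer, String serverName) {
        if (referer == null || referer.isEmpty()) return false;
        try {
            String host = URI.create(referer).getHost();
            return host != null && host.equalsIgnoreCase(serverName);
        } catch (IllegalArgumentException e) {
            return false; // malformed header value
        }
    }
}
```

Because the client controls the header, this enforces a navigation convention only and should not be relied on as an access control.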