I am creating the admin portion of my site. When the user logs in I set the user object in the session. In the servlet that I use for the admin part of the site I always first check to see if the user is null.
If the user is null I redirect back to the login page.
1. Do I need to set the user in the session only once, or do I have to check for null and then call session.setAttribute("user") in every single servlet that is in the admin portion of my app?
2. Should I also be checking to see if the user is null on all the JSP pages or just in the servlets?
3. Does every page have to be no-cached?
I am getting weird instances where I am navigating through and I get thrown back to the login page without logging out.
1. No. I never do. I roll my own authentication for maximum flexibility.
2. I never directly address a JSP. I always use a servlet page controller (Model 2). So filters only get applied to servlet URL mappings, never JSPs.
OK, the sample code I was looking at used a folder called secure, and all the JSP files that you needed a login to get to were in that folder. If I do it using servlets, do I need to do filter mapping to each and every servlet for that area of the application the user needed a login for?