File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Session Validation Filter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Validation Filter" Watch "Session Validation Filter" New topic

Session Validation Filter

Manjesh Patil
Ranch Hand

Joined: Sep 24, 2010
Posts: 42

Hi ,
I have a session validation Filter which logs off the user when session is expired. The application uses HTTP Basic Authentication.
here is a piece of code.

The filter works as expected: after session time-out if the user click on any link on the application ,user will be redirected to the login page where he has to close the browser and relaunch the browser to login again since its a Basic authentication.

The problem is
when the user is naviagating the application ,on some page if the user uses cookie editor and delete Jsession id and click on some link, the session expiry filter fails to block this action
or atleast would not prompt for relogin (i donot have idea how to force the user for relogin wihout closing the browser in basic authentication ) can someone please help on this..


Madhan Sundararajan Devaki
Ranch Hand

Joined: Mar 18, 2011
Posts: 312

Please store a secret KEY in the session instead of in the cookie. If this key is not present then re-direct user to login page.

Not many get the right opportunity !
Manjesh Patil
Ranch Hand

Joined: Sep 24, 2010
Posts: 42

Madhan Madhan Sundararajan thanks for reply ..but that does not stop the problem

1) There wont be Jsession Id in the browser's first request .. so the server has to let the request to flow and create JsessionId
2) After user logs in and at somepoint of navigation he deletes the sessionId and make request then server should not create new session but prevent this and force for relogin.
In basic-athentication how to redirect the user to login prompt?

I agree. Here's the link:
subject: Session Validation Filter
jQuery in Action, 3rd edition