Session Validation Filter

Manjesh Patil
Ranch Hand

Joined: Sep 24, 2010
Posts: 40

Hi,
I have a session validation filter which logs off the user when the session has expired. The application uses HTTP Basic Authentication.
Here is a piece of code.


The filter works as expected: after session time-out, if the user clicks on any link in the application, the user is redirected to the login page, where he has to close the browser and relaunch it to log in again, since it's Basic authentication.

The problem is:
when the user is navigating the application, if on some page the user uses a cookie editor to delete the JSESSIONID and clicks on some link, the session expiry filter fails to block this action,
or at least does not prompt for re-login (I do not have any idea how to force the user to re-login without closing the browser in Basic authentication). Can someone please help with this?

Thanks

Madhan Sundararajan Devaki
Ranch Hand

Joined: Mar 18, 2011
Posts: 312

Please store a secret KEY in the session instead of in the cookie. If this key is not present then re-direct user to login page.


S.D. MADHAN
Not many get the right opportunity !
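
The suggestion in the reply above, sketched as a servlet filter; this is an added example, not code posted in the thread. It assumes a login page at the hypothetical path `/login` that stores a marker attribute (hypothetical name `loginMarker`) in the session after authentication, so a request that arrives with a fresh session because its JSESSIONID cookie was deleted carries no marker. It does not make the browser re-prompt for Basic authentication credentials.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionMarkerFilter implements Filter {
    // Hypothetical names: the thread does not give an attribute name or login path.
    static final String LOGIN_MARKER = "loginMarker"; // set by the login page only
    static final String LOGIN_PATH = "/login";        // assumed login page mapping

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // The login page must stay reachable without a marker, otherwise
        // the redirect below would loop.
        if (LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(rq, rs);
            return;
        }

        // getSession(false) never creates a session here, so a request
        // without a valid JSESSIONID is not silently given a new one.
        HttpSession session = req.getSession(false);
        boolean hasMarker = session != null
                && session.getAttribute(LOGIN_MARKER) != null;

        if (!hasMarker) {
            // No session, an expired session, or a session that never
            // passed through the login page: send the user back there.
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```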
Manjesh Patil
Ranch Hand

Joined: Sep 24, 2010
Posts: 40

Madhan Sundararajan, thanks for the reply, but that does not stop the problem.

1) There won't be a JSESSIONID in the browser's first request, so the server has to let the request flow and create a JSESSIONID.
2) After the user logs in and at some point of navigation deletes the session ID and makes a request, the server should not create a new session but prevent this and force a re-login.
In Basic authentication, how to redirect the user to the login prompt?

 