I have a session validation filter which logs off the user when the session has expired. The application uses HTTP Basic Authentication.
Here is a piece of code.
The filter works as expected: after session time-out, if the user clicks on any link in the application, the user will be redirected to the login page, where he has to close the browser and relaunch it to log in again, since it's Basic authentication.
The problem is:
when the user is navigating the application, if on some page the user uses a cookie editor to delete the JSESSIONID and clicks on some link, the session expiry filter fails to block this action,
or at least would not prompt for re-login. (I do not have any idea how to force the user to re-login without closing the browser in Basic authentication.) Can someone please help with this?
Madhan Sundararajan, thanks for the reply, but that does not stop the problem.
1) There won't be a JSESSIONID in the browser's first request, so the server has to let the request flow through and create a JSESSIONID.
2) After the user logs in, if at some point of navigation he deletes the session ID and makes a request, then the server should not create a new session but prevent this and force a re-login.
In Basic authentication, how do I redirect the user to the login prompt?
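
One way to tell cases 1) and 2) apart in a servlet filter, as an added example that is not part of the original posts: the server remembers which session ID it issued to each authenticated user, and answers 401 with `WWW-Authenticate` (the response that makes a browser show the Basic login prompt) when that user arrives without it. It assumes container-managed Basic authentication and one browser per user; the class name `SessionLossFilter`, the `issued` map and the realm `app` are hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumes the container has already checked the Basic credentials
// (getRemoteUser() is set) and that each user works from a single browser.
public class SessionLossFilter implements Filter {
    // Hypothetical server-side record: user name -> ID of the session issued to that user.
    private final ConcurrentMap<String, String> issued = new ConcurrentHashMap<>();

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser();
        if (user == null) {                 // not authenticated: the container sends the challenge
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);   // never create a session implicitly
        if (session != null && session.getId().equals(issued.get(user))) {
            chain.doFilter(rq, rs);         // request carries the session we issued
            return;
        }
        if (issued.remove(user) == null) {  // case 1: first authenticated request of this user
            if (session == null) session = req.getSession(true);
            issued.put(user, session.getId());
            chain.doFilter(rq, rs);
            return;
        }
        // Case 2: a session was issued earlier but the request does not present it
        // (cookie deleted or session timed out). Refuse, and ask for credentials again.
        if (session != null) session.invalidate();
        res.setHeader("WWW-Authenticate", "Basic realm=\"app\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

The record for the user is dropped when the 401 is sent, so the next authenticated request is treated as a fresh login and gets a new session. Whether the browser discards its cached Basic credentials on that 401 is browser behaviour, not something the filter controls.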