We have been developing an application using Struts 2.0. Acegi have been used for authentication. When user clicks Login button he is redirected to acegi filter set in web.xml file. applicationContext-acegi.xml file is where userid and passwords are kept. To provide logout functionality user is redirected to acegi logout filter which kills the user session.
Now the issue we have been facing is, once user is authenticated and redirected to inside the application, he should not see login page until logout. If user types login page url in the same browser even if he is been authenticated, login page appears and again asks for credentials. This leads to stale sessions in the memory because most of the users don't just logout but open a new browser window everytime.
How can I implement functionality where once user is authenticated wouldn't be asked for credentials until logout by himself or session expires.