When the user logs into the page, they are redirected to a consent page with a message. The user must accept the consent message (not authentication) before getting access to the page in the domain. The user will have to consent whenever their session expires.
What would be a good way to implement this? This is a java web application running on Tomcat 7.
Bear Bibeault wrote:Sounds simple enough. Add a filter that checks for a "consent" token in the session. If it's not there, redirect to the "consent" page. Once they "consent" place the token in the session.