• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to stay logged in?

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hey guys i am making a website in jsp !!
and the login is working fine but the problem is when i go to another page and switch back to the login page it again asks to login !!

how to stay logged in like using session or something else !!
help me out please
 
Ranch Hand
Posts: 54
Tomcat Server Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Yes you would have to set a value in the user's session to indicate that they're logged in.

Then in your JSP you could use the JSTL choose tag to either display the login form or not.

 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While using container-managed security would be best, if you are going to roll your own, then it doesn't make any sense to check for it in a JSP.

Firstly, checking in the JSP is too late; by the time a JSP is executed, the controller has done it's job and may have done something that should not be allowed if not logged in, or if the logged-in user doesn't have appropriate permissions/role.

Also, does it make sense to have to put this check into each and every location that's a possible entry point into the application?

Of course not.

Rather, a servlet filter should be employed that can check the authentication for each request before any other code executes.
 
reply
    Bookmark Topic Watch Topic
  • New Topic