Hi,
I am developing a jsp/servlet based application where once user is logged in, pages are displayed based on the user role.
I want to build security in the JSP to restrict the user from directly calling a jsp page without logging in.
When a user is logged in, I create a User object and store it in session. In every page I check if the User object is available in the session, if not the user is redirected to the login page.
I want to validate this approach with you all. Please let me know if there is a better option.
I tried
request.getSession(fale) == null in the JSP but it always returns a session
Thanks in advance.
Javed.