Hi Johnny,
Ideally you should check for a valid session on top of any page that your user can go into your website. Usually people include a startup file on top of any JSP and that startup JSP page checks for a valid session and redirects it when not found.
If you are using servlets, then you should use a ServletFilter. This ServletFilter is usually mapped to url (like servlet path mapping).
In the doFilter() API call implementation for this filter, you can check for the existence of the user session, if it is not there, then redirect the user to login page.
If it is there, then the filter would take care of forwarding it to the requested resource when you call chain.doFilter()..
Also, make sure that the session object being checked is removed from session scope when the user logs out.