Checking for the existence of a marker object in the HTTP session is a very
common security pattern.
Mike
Todd McGrath wrote:
> The site I'm working has a custom login component where users must have
> a valid username/ password combination. I would like to redirect or
> present a user with a message when a Http session timeout has
> occurred. You know, "your session has expired, so you must re-login"
> message or something similar.
>
> I'm in the beginning stages of the code. So far, the app stores certain
> information about the user in a http session Java Bean, so I'm thinking
> of checking for the existence of this bean in a Controller servlet to
> determine if the Http session has timed out:
>
> if (javabean == null) {
> String message = "Your session has timed out, please login again";
>
> }
> else ...
>
> Any opinions on this? (including other, better ways to achieve this
> functionality)
>
> -Todd
--
//////////////////////////////////////////////////////
//
// Mike Clark
//
// Clarkware Consulting
// Enterprise Java Architecture, Design, Development
//
// http://www.clarkware.com
// [EMAIL PROTECTED]
// +1.720.851.2014
//