Hi,
Better not to count *only* on the fact that a HttpSession already exists
or not. It is possible the user worked with some other's developer servlet
wich already instantiated the HttpSession (like Alvin's game ;-),
and when its boss suddenly enters the office he quickly follows the bookmark
to Andrey's office applications... wich need to authenticate the user again,
within the new "working environment".
Cezar
On Fri, 26 Mar 1999, Amarnath Nanduri wrote:
> Hi Andrey,
> Use session tracking. In the login page, create your session objects
> and in your
> other servlets make sure that a session exists ( do not create the session
> though ). If the session is null
> you can be pretty sure that the user has bookmarked the page. In that case
> just redirect him to the login page.
> Hope this helps.
>
> p.s. I am working on a project that implements this mechanism and it
> works.
>
> Amar..
>
>
>
>
>
> Andrey Sazonov <[EMAIL PROTECTED]> on 03/26/99 10:41:44 AM
>
> Please respond to "A mailing list for discussion about Sun Microsystem's
> Java Servlet API Technology."
> <[EMAIL PROTECTED]>
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Amarnath Nanduri/IT/VANCPOWER)
> Subject: How to force user to login
>
>
>
>
> Hi all!
>
> I have following design problem and I hope anybody can help me.I need to
> develop web based
> access to the database. Every user who try to work with this system need to
> log in before real access
> to database. It works fine with session tracking mechanism (access to
> database provided by set
> of appropriate servlets and beans).
> But problem occurs when the user bookmarked some page and the tries to come
> directly to bookmarked page.
> Does anybody know the way how to prevent this and show login page instead
> bookmarked one?
>
> I think this could be implemented by processing of all request to whole
> site
> by one servlet, which will
> further dispatch all requests, but I'm afraid this could apply additional
> bottleneck to system.
>
> ---------------------------
> Sincerely
> Andrey Sazonov
> ([EMAIL PROTECTED])
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
