No its completely different. Unlike the sample JSP code you included we do not verify the user on subsequent pages, you rely on the fact that you have already assigned a unique session code to the session and have presumably authenticated the user, therefore all you need to do is check if the user has an existing valid session that you made, if yes then proceed with the processing of subsequent pages, if not then show a log-on page.
You can have something like this: HttpSession websession = request.getSession(true); if (websession.getValue("mywebsession")==null || websession.isNew()) { //Check User Code or page. } else { //Process other pages... } There is no race condition issue at all. json At 06:46 PM 12/18/01 -0800, you wrote: >I'm pretty sure that this is the same thing I described you just wrote all >the servlet code yourself instead of having the jsp engine do it for >you. That still leaves the ugly and race condition problems I >described. Am I wrong? > >-Cavan -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>