You might also want to "hide" the actual pages. Create a servlet that does the security checking, and then have it use a request dispatcher to go to the page requested (unless they aren't logged in). When what you'll want to do is go into your web.xml and setup a url mapping to be executed by that servlet. If this is confusing post a reply and I'll try to be somewhat clearer.
--mikej -=----- mike jackson [EMAIL PROTECTED] > -----Original Message----- > From: Becky Phaneuf [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 14, 2003 10:37 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Whats a good way to solve this ... ? > > > A) In every non-login page check to see if a user is logged in by > getting the current session (passing "false"). > > B) If no session exists, redirect them to the login page, but also pass > the parameter "goTo=MyNotes.jsp" (or something similar). Have them log > in, and create a session. Your login page can request the contents of > the goTo parameter and, if it exists, forward to the goTo. Otherwise, > forward them to welcome.jsp. > > -B > > >>> [EMAIL PROTECTED] 02/13/03 10:00PM >>> > Hi, > > Lets say i have the following JSP pages .... Login.jsp, > MyGirlfriends.jsp, MyStupidity.jsp, MyNotes.jsp, Welcome.jsp. > > Loging.jsp is accessed thru https. and then the person is taken to a > Welcome.jsp page. > > Lets say the user clicks on MyNotes.jsp from Welcome.jsp. > He likes my notes and bookmarks it and then closes his machine goes out > > to dinner and next day he wants to go back to my notes from his > bookmarks. > > When he clicks on the URL to MyNotes.jsp from his bookmark .. I want to > > first let him re login to the system and then forward him to the page > he was originally trying to access. (Essentially I would want the user > > to relogin whenever his session expires for security reasons). > > What would be the best way to do this ? > If a user is going to MyNotes.jsp from his bookmarks , how do i get him > > goto my login.jsp ? > > Mufaddal. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]