• Post Reply Bookmark Topic Watch Topic
  • New Topic

What's the best way to check whether a user is logged in or not?

 
Egil Poma
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a question about basic session handling.

I'm running Tomcat 5.0.30 and have a web application where users can register with a username and password, and then log into a "member site".

What is the best way of making sure that a user actually has logged in or not?

What I've done in previous applications I've made is that I've just put a simple variable into the users session after he has successfully entered his password (i.e. Boolean loggedIn=true). Then I just test if this flag is true to grant him access to the member site. Is that a smart way of doing it?

Are there any libraries I can use which handles sessions for me in a secure way?

All comments and suggestions are appreciated!
 
Jaikiran Pai
Sheriff
Posts: 10447
227
IntelliJ IDE Ubuntu
 
Egil Poma
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got a tip that I can use a HttpSessionListener. Anyone got experience with that?
[ August 21, 2006: Message edited by: Egil Poma ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!