Hi, I'm creating some JSP pages which require users to log in. Based on their account credentials, they're assigned certain session objects. When they try to access a page, it will check their session objects. If they have a certain session object required to view a page, it will display it. Otherwise they get redirected somewhere else. Just wondering, is this safe in terms of viewing security to have session objects do this? Thanks.
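
An added example, not part of the original post: one way to run the session-object check described above in a single servlet filter rather than in each JSP, with the session ID rotated at login. It assumes a Servlet 4.0+ container (`javax.servlet`; `jakarta.servlet` on newer containers) and Java 10+; the path prefixes, the `roles` attribute, `onLogin` and `/login.jsp` are hypothetical names.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumes Servlet 4.0+ and Java 10+; names below are hypothetical.
@WebFilter("/*")
public class PageAccessFilter implements Filter {
    // Protected path prefix -> role the session must hold (hypothetical values).
    private static final Map<String, String> REQUIRED =
            Map.of("/admin/", "admin", "/reports/", "staff");

    // Call once after the password check succeeds.
    public static void onLogin(HttpServletRequest req, Set<String> roles) {
        req.getSession(true);   // make sure a session exists
        req.changeSessionId();  // new ID at login, so a pre-login ID is useless
        req.getSession().setAttribute("roles", Set.copyOf(roles)); // kept server-side
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-decoded path inside the app, e.g. "/admin/users.jsp" for a JSP.
        String path = req.getServletPath();
        for (Map.Entry<String, String> rule : REQUIRED.entrySet()) {
            if (!path.startsWith(rule.getKey())) continue;
            HttpSession s = req.getSession(false); // do not create one for anonymous users
            Object roles = (s == null) ? null : s.getAttribute("roles");
            if (!(roles instanceof Set) || !((Set<?>) roles).contains(rule.getValue())) {
                res.sendRedirect(req.getContextPath() + "/login.jsp");
                return; // stop here: the protected JSP never runs
            }
            res.setHeader("Cache-Control", "no-store"); // keep the page out of caches
        }
        chain.doFilter(rq, rs);
    }
}
```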