I know that for some sites there's a 'save password' (such as this forum) and that gets done using a cookie. But how do some other sites reset to "logged off" state when the user closes the browser's window or clicks 'log out'??
Thanks I'd appreciate any advice on this issue because I need to implement this functionality using JSP.
Originally posted by Geoff Tate:
what usually happens is that once a user is validated, a token (could be a String, an object, whatever) that indicates that user is validate is added to the HttpSession (session.putValue()). Then, each jsp that is loaded checks for the existence of that token.
Also used, and slightly "cleaner", is mapping an entire section of the site to a single servlet that checks if the user has logged in. If not, the servlet redirects the user to the login page. Otherwise the request is forwarded to whatever page was requested.
The disadvantage is that it incurs a bit more overhead. I understand the upcoming version of the servlet spec will have filters making this approach a bit more lightweight.