Sarra Sakka wrote:Without a filter, how can i create a session when i loged in and how can i invalidate it when i loged out ?
thank you for you effort
If you are trying to prevent pages from being viewed when there is not a valid user, the filter is your best bet. May as well figure out what is wrong with it instead of scrapping it and moving on.
When you try and view the home page is there an error?
Maybe post all your revised code and xml so we can see the whole picture.
Servlet Filter is needed to do the login and logout.
step1: writer the login filter and in doFilter method , check the user info based on the useID given by the user
step2: if the customer info not in DB or any authencation server (LDAP) throw error mesage
step3:if the userinfo found , create the HTTpSession and keep the userinfo in that session
step4: every req will comes through the loginfilter and checks the incoming user valid or not
step1: write the logout filter and check the any session is alive then call the session.invalidate() method