Hi, this question isn't directly related to
servlets so apologies if it is in the wrong forum but I thought this would be the best place to get an answer.
I'm working on an application running on
Tomcat where the front-end is rendered through a mixture of
java servlets and static html pages. Up to now, this application hasn't implemented any kind of session management which meant a user could bypass the login page and open any page in the application once he knew the correct url. I've now implemented session management in all the servlets which means a user will be forwarded to the login page if they try to access the servlet without having logged in.
I do this by creating a session on the web server in the login servlet using this code:
and I validate it by calling some common code at the beginning of each servlet that incluses this code:
That's fine for the servlets. My question is this - is there an equivalent I can do in the static html files - do I have any access to the session or the request in the html file? If not, is there something else I can do to stop a user opening these pages without having logged in first?
Thnaks in advance.