Session is lost in new browser window.

I am using Servlet filter to secure help documents in the site.
If the session is expired or user enters the document URL directly into browser, it redirects user to log in page.

Web.xml

<filter> <filter-name>DocumentAuthenticationFilter</filter-name> <filter-class>product.DocumentAuthenticationFilter</filter-class> </filter> <filter-mapping> <filter-name>DocumentAuthenticationFilter</filter-name> <url-pattern>/HelpDocuments/*</url-pattern> </filter-mapping>

Filter Servlet : DocumentAuthenticationFilter

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = ((HttpServletRequest) request).getSession(); if(session.getAttribute("userid") != null){ chain.doFilter(request, response); }else{ ((HttpServletResponse) response).sendRedirect("/Product/login.jsp"); } }


This works great in all browsers. If session is expired user is redirected to log in page else document is opened in the new window of browser.

But in IE 8 the session is not found in the newly opened browser window and the filter redirects the user to log in page, as well as session in the parent page is also lost after that.

Has anyone come across this? Any suggestions?

Thank you.

Previous Discussion on the topic

What do you mean by newly opened window? Is that a new window that was opened by your website or do you mean when the user enters opens another window themselves?

You shouldn't need a filter to control access to your documents. You should be able to use Declarative Security.

Yes, its the new window that was opened by the website upon clicking the link of document.

You should be able to use Declarative Security.

I don't want it to be role based. Only requirement is that the user should be logged in to view the document.

Thank you.