Session Validation Filter

 
Manjesh Patil
Ranch Hand
Posts: 42
Hi,
I have a session validation filter which logs off the user when the session is expired. The application uses HTTP Basic Authentication.
Here is a piece of code.


The filter works as expected: after session time-out, if the user clicks on any link in the application, the user will be redirected to the login page, where he has to close the browser and relaunch it to log in again, since it's Basic authentication.

The problem is:
When the user is navigating the application, on some page, if the user uses a cookie editor to delete the JSESSIONID and clicks on some link, the session expiry filter fails to block this action,
or at least would not prompt for re-login. (I do not have any idea how to force the user to re-login without closing the browser in Basic authentication.) Can someone please help with this?

Thanks

 
Madhan Sundararajan Devaki
Ranch Hand
Posts: 312
Please store a secret KEY in the session instead of in the cookie. If this key is not present, then redirect the user to the login page.
 
Manjesh Patil
Ranch Hand
Posts: 42
Madhan Sundararajan, thanks for the reply, but that does not stop the problem.

1) There won't be a JSESSIONID in the browser's first request, so the server has to let the request flow and create the JSESSIONID.
2) After the user logs in, if at some point of navigation he deletes the session ID and makes a request, then the server should not create a new session but prevent this and force a re-login.
In Basic authentication, how do I redirect the user to the login prompt?
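
An added example, not part of the original thread and not any poster's code: a filter that keeps the marker suggested above in the session and answers every request that lacks it with a 401 Basic challenge, so a deleted JSESSIONID is handled the same way as an expired session. The class name, attribute names and realm are hypothetical; it assumes Servlet 3.1+ and that the credentials themselves are verified elsewhere (by the container or the application).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example, not code from the thread. Attribute names and REALM are hypothetical.
public class ReloginFilter implements Filter {
    static final String MARKER = "login.marker";         // the server-side "secret key"
    static final String CHALLENGED = "login.challenged"; // set when this filter sent the 401
    static final String REALM = "app";                   // assumption: the application's realm

    enum Action { PASS, PROMOTE, CHALLENGE }
    // Pure decision rule, kept separate so it can be unit-tested without a container.
    static Action decide(boolean marker, boolean challenged, boolean credentials) {
        if (marker) return Action.PASS;                        // established session
        if (challenged && credentials) return Action.PROMOTE;  // answer to our 401
        return Action.CHALLENGE;  // first visit, expired session, or deleted JSESSIONID
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false) is null when the cookie is absent, deleted, or names an expired session.
        HttpSession s = req.getSession(false);
        boolean marker = s != null && s.getAttribute(MARKER) != null;
        boolean challenged = s != null && s.getAttribute(CHALLENGED) != null;
        String auth = req.getHeader("Authorization");
        boolean credentials = auth != null && auth.startsWith("Basic ");
        switch (decide(marker, challenged, credentials)) {
            case PASS:
                chain.doFilter(rq, rs);
                return;
            case PROMOTE:
                req.changeSessionId();              // Servlet 3.1+: drop the pre-login session id
                s.removeAttribute(CHALLENGED);
                s.setAttribute(MARKER, Boolean.TRUE);
                chain.doFilter(rq, rs);             // credentials are still verified downstream
                return;
            default:
                // A 401 makes the browser treat its cached credentials as rejected and prompt again.
                req.getSession(true).setAttribute(CHALLENGED, Boolean.TRUE);
                res.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
                res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

If container-managed security answers the first unauthenticated request itself, the first login shows two prompts, because the request that follows arrives without a session this filter has challenged.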

 