
How to make sure a user is still logged in using Java Web

I just want to ask how do I make sure a user is still logged in. If he/she's not, then access to pages is not permissible. See, when logging in a page I use a filter to check if the user exists. I wonder if I could use filters to check if the user is still logged in? Only problem is, I tried but when I type the url directly on the address bar the page still shows, now with null values. How does one do this correctly in Java?


What web framework are you using?

Yes, it is achievable using filters/interceptors in most scenarios, especially plain vanilla web applications. In your case, you most likely did not nullify/invalidate the invalid user, or have not redirected invalid users to another page (login page for example).

If you are using Struts or Spring, I would highly recommend looking in the direction of Spring Security (formerly ACEGI) or Apache Shiro, because chances are that although your home-made solution would appear workable, it is not spoof proof.


Set a session variable, isLoggedIn=true, after the user logs in. In the filter, check if the session is null, or the logged in flag is false. If not, redirect to some page saying you must log in to continue.
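The filter approach from the answers above, as an added example that is not code from any of the posters. It assumes the `javax.servlet` API (on Jakarta EE 9+ the packages are `jakarta.servlet`); the class name, the `/login.jsp` and `/login` paths and the `isLoggedIn` attribute name are placeholders for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Mapped to every URL, so typing a protected address directly is also checked.
@WebFilter("/*")
public class LoginFilter implements Filter {

    // Assumed names; static resources the login page needs must be added too.
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String LOGIN_ACTION = "/login";
    private static final String LOGGED_IN_ATTR = "isLoggedIn";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Exact match on the context-relative path: anything else is protected.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        boolean publicPath = path.equals(LOGIN_PAGE) || path.equals(LOGIN_ACTION);

        // getSession(false) never creates a session for an anonymous visitor.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && Boolean.TRUE.equals(session.getAttribute(LOGGED_IN_ATTR));

        if (!loggedIn && !publicPath) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return; // stop here so the protected page is never rendered
        }
        if (!publicPath) {
            // Keep the browser from showing a cached copy after logout.
            response.setHeader("Cache-Control", "no-store");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

The login handler should set the attribute only after the credentials have been verified and call `request.changeSessionId()` (Servlet 3.1+) at that point; logout should call `session.invalidate()`.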
