Java web application - refactor include scriptlets into a best practice approach

I currently have the following includes at the top of all of my jsp files:

<%@ include file="inc/inc_cookie_login.jsp"%>
<%@ include file="inc/inc_protect_page.jsp"%>
<%@ include file="inc/inc_log_access.jsp"%>

The jsps have scriptlets that check for cookie and set a user object in the session if cookie exists, prevents access to the jsp unless a session has been set, write to a text file the User IP, name, page accessed, etc.,respectively.

The scriptlet approach above has worked fine but now that I have a better server set up and can utilize a web.xml file, I have been refactoring my app to best practices. The above is screaming FIXME! Should I be investigating listeners, filters, ?, or is my curre开发者_运维百科nt approach adequate?

=== inc_cookie_login.jsp ====

<%@ page import="model.STKUser"%>
<%@ page import="model.STKUserCookie"%>
<%@ page import="data.STKUserDAO"%>

<%
if ( request.getSession().getAttribute("STKUserSession") == null) {
    STKUserCookie userCookie = new STKUserCookie(request);
    String userBadge = userCookie.getUserID();
    STKUserDAO userDAO = new STKUserDAO();
    STKUser user = userDAO.getUser(userBadge);
    if (user != null) {
        user.setIpAddress(request.getRemoteAddr());
        userDAO.updateLoginCount(user);
        request.getSession().setMaxInactiveInterval(36000); //set to 10 hours
        request.getSession().setAttribute("STKUserSession", user);
    }
}
%>

This looks like a good one to be replaced by a filter. Create the filter class and ref it with a pattern in your web.xml. Scriptlets should not be used unless all other options have been reasonably exhausted.