Tuesday, July 16, 2002 10:58 AM
There is an almost standard accepted way of acheiving this. When the user successfully logins into the site, set a Session variable (say variable IsUserLoggedIn) to true.
When the user logs-out set it to false. Now on the top of each of your jsp, just check wether the variable is true or not. If it is false simply do a response.sendRedirect() to the login page. Also, do remember to set caching off. The way to do this would be -
response.setDateHeader ("Expires", 0);
This would ensure that the browser does not caches your page.
Using a session variable is advisable because it allows you to handle session timeouts and logouts uniformly on all jsp pages, because some browsers (for ex. IE) offer a drop down of the recently visited urls. So even if the user chooses one such url from the IE address bar drop-down, he wont be able to accesss any of the intermediate pages.
Hope that helps.