How can I use JSP to make sure a user has logged in before I handle the request?

Kumar Allamraju

On every page that needs to be authenticated, check for a user ID in the session object - if it does not exist, redirect the user to a login page, passing the URL the user was trying to access as a parameter.

On the login page, if the user successfully logs in, create a session for him/her, and add their user ID to the session. After this, redirect back to the original page they had tried to access. This way, even if the user bookmarks a page, he/she will be asked to log in once the session has become invalid.

Some code: On every page add the following:

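HttpSession session = request.getSession(true);
if (session.getValue("EID") == null) {
     // Not logged in: go to the login page, passing the requested URL along.
     // "returnTo" is a placeholder parameter name.
     response.sendRedirect(response.encodeRedirectUrl(
          "Login.jsp?returnTo=" + java.net.URLEncoder.encode(request.getRequestURI(), "UTF-8")));
}
else {
     // the rest of the page ...
}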

In Login.jsp once the user has provided the correct logon credentials:

session.putValue("EID", EID);
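The same check done once in a servlet filter, with the return URL validated before the post-login redirect, as an added example that is not part of the original answer. It assumes the javax.servlet API at level 3.1 or later; the `returnTo` parameter, the `/index.jsp` default page and the `completeLogin` helper are hypothetical names, and the filter is assumed to be mapped to the protected pages only, not to Login.jsp.

```java
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed names: "returnTo", "/index.jsp", completeLogin().
public class LoginCheckFilter implements Filter {

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    // Runs before each protected page, so no JSP has to repeat the check.
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // no session for anonymous users
        if (session != null && session.getAttribute("EID") != null) {
            chain.doFilter(rq, rs);
            return;
        }
        // Remember only the path and query inside this application, never a full URL.
        String target = req.getRequestURI().substring(req.getContextPath().length());
        if (req.getQueryString() != null) target += "?" + req.getQueryString();
        res.sendRedirect(req.getContextPath() + "/Login.jsp?returnTo="
                + URLEncoder.encode(target, "UTF-8"));
    }

    // Called by the login handler after the credentials have been verified.
    public static void completeLogin(HttpServletRequest req, HttpServletResponse res,
                                     String eid) throws IOException {
        HttpSession session = req.getSession(true);
        req.changeSessionId();            // new session ID at login (session fixation)
        session.setAttribute("EID", eid);
        res.sendRedirect(req.getContextPath()
                + safeReturnPath(req.getParameter("returnTo")));
    }

    // Accept only a local path; anything else falls back to the default page,
    // so the login page cannot be used to bounce users to another site.
    static String safeReturnPath(String p) {
        if (p == null || !p.startsWith("/") || p.startsWith("//")
                || p.indexOf('\\') >= 0 || p.indexOf('\r') >= 0 || p.indexOf('\n') >= 0) {
            return "/index.jsp";
        }
        return p;
    }
}
```

Because the return URL arrives as a request parameter, it is attacker-controllable; `safeReturnPath` keeps the redirect inside the application no matter what value reaches Login.jsp.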