Best way to track client authorization in jsp?
Posted on 2007-10-08
I'm having users enter and ID and password which I verify in a database. Then, other pages get sent. When a new page is sent, what is the best way to verify the user is logged in and not someone who book-marked, or just type the URL w/o logging in? I've programmed a lot in CGI and, for example, I would create a tag file for this user when they logged in. Each CGI that was run thereafter checked for this tagfile and, if it did not exists, would direct the user to log in properly. The tagfile would expire after x minutes of inactivity. There must be a better/standard way with jsp?