I have a JSP page that displays a list of files for downloading. This JSP page first checks the session to see if the user is logged in. If so, the list of files is displayed. If not, they are redirected to a login page. My problem is that this page only protects the ability to list the files. If someone knew the path and filename of one of the files, then they could just type that in the URL and bypass the login. Is there a way to protect non-JSP files (like ZIP files) without having to use the web server's security? Thanks, Neil =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
