what is the general "accepted practice" for handling logins and securing access with struts?
from a review of the archive, it seems that way *not* to do it is to use a "isLoggedIn" flag that gets passed from page to page. and, that the canonical approach is to utilize Action.perform(...) to determine whether or not the person has logged in. so, how exactly is the Action class determining whether or not the user is "logged in"? does it set a session-level boolean variable and check that on every invocation of the perform method? has anyone encountered special cases where they've had to come up with some unique way of handling logins? many thanks! --e-- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
