If you aren't going to put your JSPs inside the WEB-INF layer, would it be a good idea to do the check for a user being logged in by a simple tag at the top of each JSP? This way at least if someone tries to type in a url to a jsp they would be redirected to log in?
-- Rick mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
