"Merrill Cornish" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm trying to learn filters by writing one to detect when someone who > has not logged in tries to access a JSP page that requires login. From > what I've read, this seems to be one common use of filters. > > I think I understand how to write the filter, but to determine whether > the session had been logged in, I need to HttpSession object. > > The doFilter() method receives ServletRequest rather than > HttpServletRequest, so there is no getSession() method. At the same > time, since the filter is tied to ServletRequest and ServletResponse, it > appears that the filter runs at a level "above" individual sessions, > implying that a filter could never check whether a specific session was > logged in. >
Well, something like: HttpServletRequest hreq; if(request instanceof HttpServletRequest) { // always true for Tomcat hreq = (HttpServletRequest)request; } > Can filters be used to check whether a user is logged in? > > Merrill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]