On Apr 20, 2004, at 12:30 AM, [EMAIL PROTECTED] wrote:
We have done a similar thing with filter. You put a check in the filter to redirect to an error page if the session is not present in the request. this will also prevent a user to access the site without login in.
Although you have to put a "return" after your redirect, just in case the browser doesn't respect the redirect header (this prevents the filter from allowing execution to continue on the resource it is protecting, something which has actually happened to me in the absence of a "return" on Tomcat 4.x).
-- Erik Price
<http://erikprice.com/>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
