> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: Detecting a login or logoff event
> I need to be able to intercept a successful authentication of a > login / logout request which can then be used to make a series > of system updates to record the fact. > I am thinking about scriptlets in the pages served testing the > request's servlet path after login is successful If the integrity of your information is dependent on actions of the client, you have no data integrity. There's nothing stopping a client from disabling scripts, running their own scripts, or doing anything else by accident or intent - you cannot control that. Anything you do for tracking must be done on the server side. You probably can use a filter, but a Listener might be more appropriate. See section 10 of the servlet spec. (Make sure you're looking at the current spec for the Tomcat version you're using; the 2.2 spec you referenced earlier is badly out of date.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
