User Login

Hi gurus,

I’m not sure what exactly I’m looking for in terms of an answer, so hopefully this question hasn’t already been asked.

When a user logs in, I have for example a session variable which keeps track of the user’s name. What I’d like to do is, when the user navigates away and comes back to the login page, I want them to be able to bypass the login and go straight to the redirect (since the session variable already exists).

Is there a quick way I can do this?


You will just have to do a check on your login page (or servlet, or action, or controller) and see if your user is already logged in. If so, then redirect the user to the ‘home’ page.

I appreciate the response, but my point is that the session hasn’t expired, yet the user still has to log in again.

So yeah I guess it’s been a while since I responded to this thread, but I just wanted to say thanks to everyone who responded 🙂

The login example I had was indeed flawed, and didn’t do the proper checks. I worked my way around it by setting each link up as an action, for which I could then set up an interceptor to do the dirty work.

So what are you asking for exactly? (My favorite question on this forum lately…)

You first asked how to determine if someone is logged in so you can redirect them from the login page and now you’re asking how to direct them to a login page when they first go to your site. Those requests seem a tad bit contradictory.

The welcome-file-list is used when someone goes to the following url:
or optionally

You have to ask yourself, what do you want your site’s visitors to see when they go to that page (with or without logging into your system).

Next you have to determine what content of your site requires a user to be logged in to see.

Most likely the answer that you’re looking for uses filters of some sort, but I’m not completely clear on what you’re trying to do.

Do you have use cases or clear steps on a vision of what you want exactly?

Do you have a working login that you have found does not already do what you want?

I suspect that if you do have such an animal, the login routine/checking is flawed and in need of repair.

As you say, the login status of a user is in their session, every page that requires a user to be logged in must check for valid status and redirect to a ‘safe’ area if the user is not valid. This prevents ‘deep linking’ attacks, which is when a user bookmarks or hand enters a protected page address and skips the login procedure - if the page doesn’t check for status, the user gets access, anonymously.

As to how, it’s a session attribute, you check it the same way you would check any other attribute. Either the JSP or a servlet may do this check, any action that requires a valid login should check the login status, first, and kick the user to index if they’re not valid.

It can be done in two ways…

  1. Create a filter
  2. Check the current user session in all pages other than the index page. If the session is invalid, redirect to the login page.

I’m clear with your requirement.
If you are looking to track your user after the session has expired, then go for setting a cookie.

Are there any examples of this? My understanding of actions is that when a user first navigates to your site you have for example in your web.xml:


I can change that to navigate to an action instead?

What I currently have is which goes to a simple login page (index.jsp) that anyone can access, and only valid users can enter to get re-directed to the content page (main.jsp).

What I want to have is a setup where the user can login, then navigate to google for example, then go back to the same original link ( and be able to bypass index.jsp right to main.jsp since their session data is still valid.

My understanding of your post was that I would need to either create a servlet or action that would check for valid credentials before allowing the user to see the login page (index.jsp), or automatically re-direct them to the content page (main.jsp).

My broader question now is how do I do this? Thanks 🙂
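The filter approach suggested in the replies, as an added example that is not code from any poster in this thread: one servlet filter that sends an already logged-in user from index.jsp straight to main.jsp, and sends anyone without a valid session who requests any other page back to index.jsp, which closes the deep-linking gap described above. The session attribute name `userName`, the `/login` form target and the use of the Servlet 3.0 `@WebFilter` annotation (instead of a web.xml filter mapping) are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Mapped to every URL, so no page relies on remembering to do its own check.
@WebFilter("/*")
public class LoginFilter implements Filter {
    private static final String USER_ATTR = "userName";   // assumed session attribute name
    private static final String LOGIN_PAGE = "/index.jsp";
    private static final String HOME_PAGE = "/main.jsp";
    private static final String LOGIN_ACTION = "/login";  // hypothetical login form target

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String ctx = request.getContextPath();
        // Path inside the application; anything that does not match exactly is treated as protected.
        String path = request.getRequestURI().substring(ctx.length());

        // getSession(false): never create a session just to test whether one exists.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;
        boolean loginPage = path.equals("/") || path.equals(LOGIN_PAGE);

        if (loggedIn && loginPage) {
            response.sendRedirect(ctx + HOME_PAGE);   // valid session: skip the login form
        } else if (loggedIn || loginPage || path.equals(LOGIN_ACTION)) {
            chain.doFilter(req, res);                 // allowed to proceed unchanged
        } else {
            response.sendRedirect(ctx + LOGIN_PAGE);  // no valid session on a protected page
        }
    }

    @Override
    public void destroy() { }
}
```

Stylesheets or images used by index.jsp would need to be added to the allowed paths, since this filter treats everything else as protected.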