7 Replies Latest reply on May 11, 2006 2:54 PM by kh2ouija

    best practice advice needed: checking for user session

    kh2ouija

      How can I make pages unaccessible by GET requests if the user is not logged in, or if his session has expired? I want to redirect him to the login page in case of a such request. I was using a servlet filter in Struts, and in Seam I used the LoggedInInterceptor like in the examples, but it doesn't do quite what I hoped it would. The requested page still renders, just without valid dynamic data.

      Eg: http://seam.demo.jboss.com/book.seam (without being logged in)