Hi ,
I have a session validation Filter which logs off the user when session is expired. The application uses HTTP Basic Authentication.
here is a piece of code.
 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

    throws IOException, ServletException

  {

    HttpServletResponse res = (HttpServletResponse)response;

    HttpServletRequest req = (HttpServletRequest)request;

if ((!req.isRequestedSessionIdValid()) && (req.getRequestedSessionId() != null)) {

             //redirect to login page with session expiry message

}

else{

       chain.doFilter(request, response);

}

}

The filter works as expected: after session time-out if the user click on any link on the application ,user will be redirected to the Session Expired Message page where he has to close the browser and relaunch the browser to login again since its a Basic authentication.

The problem is

when  naviagating the application ,on some page if the user uses cookie editor and delete Jsession id and click on some link, the session expiry filter fails to block this action or atleast would not prompt for relogin (i donot have idea how to force the user for relogin wihout closing the browser in basic authentication ) can someone please help on this..

Thanks