This content has been marked as final. Show 2 replies
Rework your application such that the pages do not expect objects in session etc.
On all the jsp pages, check if the user is authenticated using - request.getUserPrincipal(). If the method returns null, redirect the user to the login page.