Hi,

I am writing a program using Java servlets. I want to use a session for user authentication.

In the login page I check users user name and password with usernames and password in my database and store username and password in a session.

After that do I have to check the user name and password stored in session with my database, in every page. Or can I just check wether there is a session avaiable and if the session is available, allow the user to view the page.


Thanks a lot,
Chamal.

you can set a session variable after the user logged in and check for the variable on the other pages, if the value is false return him to the login page if not continue.