1
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    try { 
        String logged = (String) ((HttpServletRequest) request).getAttribute("loginstatus");
        if(logged != null) {
            out.print("ok");
        } else {
            out.print("not ok");
        }

Why is the value of logged always null?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Prerna
  • 1,235
  • 4
  • 17
  • 22

1 Answers1

4

A filter is by default the very first thing which get executed on a HTTP request. The request attribtues are usually managed by server side code. Who/what should have set the request attribute before this filter does its job?

Aren't you confusing how HTTP requests/responses work? A request get finished/garbaged, including all attributes, when the associated response is finished. Every subsequent request is a brand new one which doesn't contain at all the same attributes as the previous one.

Don't you actually want to use the session scope? Do the following on login:

request.getSession().setAttribute("user", user);

And then the following in authentication filter:

if (((HttpServletRequest).getSession().getAttribute("user") != null) {
    chain.doFilter(request, response); // Continue.
} else {
    ((HttpServletResponse) response).sendRedirect("login"); // Redirect to login.
}

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • no this is not working....whwn i click on logout button.i get redirected to the login page but whwn i press the back button i again get redirected to logout page which i want to avoid – Prerna Mar 06 '11 at 14:36
  • 1
    This is definitely working. You just have **another** problem. Press `Ask Question` for that. And please pay a bit more attention to your English :) – BalusC Mar 07 '11 at 01:01