How to test for a valid user session in a JSP

Note: This approach is very old; Java/JSP scriptlets were deprecated a long time ago. I don't have time to update this article to the correct, modern approach, but I hope this JSP session example will point you in the right direction.

Every once in a while I'm asked something like, "How can I tell if I have a valid user session in my JSP code?"

According to the JSP specification, an implicit variable named session (which is an instance of an HttpSession) is made available to your JSP's automatically by your servlet container. So, all you have to do to determine if you have a valid user session in a JSP is to test whether this session reference is null, or not, like this:

if (session == null)
{
  // the user *does not* have a valid session; handle this however you need to.
}
else
{
  // the user *does* have a valid session.
  // do whatever you need to for logged in users.
 String username = (String)session.getValue("USERNAME");
}

One way to deal with a null user session

If you're in a situation where a user needs to have a valid user session to access your JSP/servlet content, you can deal with the situation using JSP code like this:

<%
  if (session == null)
  {
    String address = websiteContext + "/login.jsp";
    RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(address);
    dispatcher.forward(request,response);
  }
%>

In this example I've already set the variable websiteContext somewhere earlier in my JSP. For example, if this was a discussion forum, this variable might be set to the string "/forums".

If you prefer the JSP forward tag, you can also forward to the login page like this:

<%
  if (session == null)
  {
    %><jsp:forward page="login.jsp" /><%
  }
%>

Which one you choose is up to you.