Demonstration of a web-application that uses sessions.
Intercepts requests to /user.html
.
Accepts requests carrying previously authenticated session identifiers.
Denies requests without one and redirects to /login.html
.
Handles POST
requests sent to /login
originating from login.html
.
Checks if a user exists with the given email
and password
via the UserService
.
-
Redirects to
login.html
if the user doesn’t exist. -
If it exists creates a new session (after invalidating the previous).
-
Associates the user’s email address with the session.
-
Then redirects to
user.html
.