JSF SESSION AND AUTHENTICATION SYSTEM
In a simple login page, mainly we should create and configure three parts. First “login.jsp” for visual design and calling validating function. Second “login Bean”( Simple Java Class) for getting information from jsp page and creating this bean instance and also this java file includes the validation function. Third, “faces-config.xml” file for managing bean and redirecting the client according to the result of the validate function.
Then how should we check the logged-in status of the clients? One way is the check the attribute of a session object. Another way, which is proper to JSF, is to use “PhaseListener”.
How about session objects? Session Objects live on the server and are automatically associated with clients. Session objects are not travelled along networks only unique identifiers are used. “request.getSession” is enough to get the session object, we do not need to use our own cookies and hash tables, url-rewriting or hidden form fields.