java - Do I need to check for valid sessions in every controller in Spring? -

suppose in web applicaiton spring mvc need check valid sessions in every controller or in jsps too? how can solve session management thing in mvc? do? other things can add security application?

we check if session expired in filter layer , map dispatcherservlet, way, incoming request handled spring filtered first, , not allowing interaction spring controller if session expired. if session found expired, send redirect page user informed session expired.

sample filter code

public class myfilter implements filter{     ...     public void dofilter(servletrequest request, servletresponse response,             filterchain chain) throws ioexception, servletexception {         if (issessionexpired((httpservletrequest) therequest)) {             response.sendredirect(((httpservletrequest) therequest).getcontextpath() + "/expired.jsp");             response.flushbuffer();         }else{             //..its not yet expired, continue             thechain.dofilter(therequest, theresp);         }     }     ... } 

mapping dispatcherservlet in web.xml

    <filter>         <filter-name>myfilter</filter-name>         <filter-class>com.mycompany.ourproject.filter.myfilter</filter-class>     </filter>     <filter-mapping>         <filter-name>myfilter</filter-name>         <servlet-name>springdispatcher</servlet-name>     </filter-mapping>      <servlet>         <servlet-name>springdispatcher</servlet-name>         <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class>         <load-on-startup>1</load-on-startup>     </servlet>