I am new to Spring and developing a dynamic web application in Spring and Tomcat and for some reason
I am not using Spring Security. I want to prevent users to access the login page who
are already in a session.Here is my code:

@Controller  
@RequestMapping("/login")  
@SessionAttributes("userAuthenticator")  
public class LoginController {  

    @RequestMapping(method = RequestMethod.GET)  
    public String showLogin(ModelMap model, HttpServletRequest request) {  
    System.out.println("Current Session: " + request.getSession(false));  

    if (request.getSession(false) == null) {  
    System.out.println("This means a new user wants to access the login page");  
    return "login";  
    }  

    else{  
    //means the user is already in session.So move him to another page say display.jsp  
    //actually I have done here with some other checking like getUserName() from   
    the model "UserAuthenticator" and if its again null redirect to login page.  
    }  

For Now forget about the else part.When I entered the URL in my browser
first time: …./AccountCreation/login.htm
Console Output:

Current Session: null  
This means a new user wants to access the login page  

Looks absolutely normal because a new user is accessing the page(login page also appears).

But when I re-enter the URL even refresh the page the console output comes:

Current Session: org.apache.catalina.session.StandardSessionFacade@511e0a  

Where did that session come from ?
(For that reason, in my else part I got:”The webpage has a redirected loop” in my browser)

Can anyone suggest me a way to achieve my goal without using Spring Security ?
This is very much needed for me now…..

Thanks…