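<%@ page language="java" contentType="application/json; charset=UTF-8" pageEncoding="UTF-8" session="false" %><%
    // Session-status probe: reports as JSON whether the caller's existing
    // session carries a logged-in user id ("loginUser_id").
    //
    // Security: this page is meant to be called only from trusted internal
    // sources, but it performs no caller check of its own. In production the
    // restriction has to be enforced in front of it, e.g. with a reverse-proxy
    // rule so this path is NOT reachable from the public internet.

    // The answer depends on the caller's session, so it must never be cached
    // or content-sniffed by an intermediary or browser.
    response.setHeader("Cache-Control", "no-store, no-cache");
    response.setHeader("Pragma", "no-cache");
    response.setHeader("X-Content-Type-Options", "nosniff");

    // session="false" on the page directive plus getSession(false): a probe
    // without a session must not allocate a new server-side session (and a
    // session cookie) on every call, which the implicit JSP session would do.
    HttpSession existingSession = request.getSession(false);
    Object loginAttr = (existingSession == null)
            ? null
            : existingSession.getAttribute("loginUser_id");

    // Fail closed: only a Long counts as a login. Anything else (absent, or an
    // unexpected type) is answered with 401 instead of a ClassCastException,
    // and the value concatenated into the JSON body is guaranteed numeric.
    if (loginAttr instanceof Long) {
        response.setStatus(HttpServletResponse.SC_OK);
        out.print("{\"authenticated\":true,\"userId\":" + loginAttr + "}");
    } else {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        out.print("{\"authenticated\":false}");
    }
%>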