Here's an example of how I've implemented it and it seems to works as you want it to.
********login.jsp *******
<%@ page import="com.mwp.*" errorPage="error.jsp" %>
<%
String message = request.getParameter("message");
if ( message != null ) {
%>
<p><%=message %></p>
<% } %>
<b>Login</b></font></p>
<table width="41%" border="1" align="center" bordercolor="#000000">
<form action="loginCheck.jsp" method="POST">
<tr>
<td height="35" bgcolor="#9999FF" width="18%"><font face="Verdana, Arial, Helvetica, sans-serif">Username</font></td>
<td height="35" bgcolor="#CCCCFF" width="82%">
<input type="text" name="username">
</td>
</tr>
<tr>
<td bgcolor="#9999FF" width="18%"><font face="Verdana, Arial, Helvetica, sans-serif">Password</font></td>
<td bgcolor="#CCCCFF" width="82%">
<input type="password" name="password">
</td>
</tr>
<tr>
<td colspan="2" height="35">
<div align="center">
<font face="Verdana, Arial, Helvetica, sans-serif">
<input type="submit" name="Submit" value="Login">
</font></div>
</td>
</tr>
</form>
</table>
</HTML>
</BODY>
*************** loginCheck.jsp **************
@ page language="java"
import="com.mwp.*, java.util.*"
errorPage="error.jsp" %>
<jsp:useBean id="loginBean" scope="page" class="com.mwp.Login" >
<jsp:setProperty name="loginBean" property="*"/>
</jsp:useBean>
<jsp:useBean id="dbm" scope="page" class="com.mwp.DatabaseManager" >
</jsp:useBean>
<jsp:useBean id="monitor" scope="application" class="java.util.HashMap"/>
<%
if ( loginBean.getUsername().length() == 0 ) {
String display = "login.jsp?message=PLease Enter Username and Try Again";
}
if ( loginBean.getUsername().length() == 0 ) {
String display = "login.jsp?message=Please Enter password and Try Again";
}
String display = "login.jsp?message=Invalid Login. Try Again";
User user = loginBean.authenticate(dbm.getConnection(session));
if (user != null) {
user.setIpAddr(request.getRemoteHost());
// Got user. Now do they already have a session?
if (monitor.containsKey(user)) {
HttpSession oldSession = (HttpSession)monitor.get(user);
oldSession.invalidate();
monitor.remove(user);
}
session.setAttribute("user", user);
monitor.put(user, session);
System.out.println("Assigned new session for: " + user);
session.setMaxInactiveInterval(900);
display = "customerSearch.jsp";
}
%>
<jsp:forward page="<%= display %>"/>
***************************************
The a session attribute "message" is used to pass the reason for the failure back to the Login.jsp page. The login bean is used to get the userId and password.
HTH
Gordon