Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Keep the user signed in even after browser closes

 
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi I'm maintaining sessions using JSPs. I want the logged in users to remain signed in unless they sign out explicitly. That is whenever the user visits the site, he doesn't need to login again, he's automatically logged in and redirected to the last page he had visited on the site. How do I achieve this ? The user's session would time out after he closes the browser right ? So even if I use cookies, won't the session have expired ? Please advise
Thanks
seema
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There are two options that I can think of.
The first is to store the username and password on the cookie. Every time they visit they can be logged in if they aren't already logged in. Therefore you'll have to detect if they are logged in and do some processing to log them in and give them a session and set up any other data you require.
The second is to associate each user with a token on the server side. You store this token in the cookie and against the user on the server. When someone has that cookie and passes the token, as above you associate it with the user and log them in.
In both cases it is better to obscure or encrypt the data on the cookie since anyone else who sees it could fool the system into accepting them as someone they are not...
Dave
 
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello David,
I also have to similar functionality about which Seema was aksing. After going through your answer I prefered 2 one, which is preferable from the security point of the view.
Problem is that I am not crystal clear about the steps your saying about. So, will you please give some basic algorithm which explains the steps to implement this solution.
Thanks in advance!
- Dhananjay
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic