• Post Reply Bookmark Topic Watch Topic
  • New Topic

Remembering users...

 
Chris Stewart
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I assume the best way to remember a user on a website is to set a cookie on their computer and check for it in your index page. Is that correct? Can anybody direct me towards some good info for working with cookies in java?
 
Gregg Bolinger
Ranch Hand
Posts: 15304
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
IMO, letting the Application Server do this for you is better/easier. Just tell the server what pages are to be secured, tell it what your login page is, what your error page is, and anytime a secure page is accessed the Application checks to see if anyone is logged in or not and redirects appropriatly.
I am doing this with Tomcat Form Authentication using the JDBCRealm attribute in the server.xml file. I have folders setup in my web app and those folders are based on roles. So when the user tries to access any of those pages Tomcat makes sure they have the correct role as well before letting them in. This saves you that extra include on all your jsp pages. And it can be applied to servlets as well, not just jsp pages.
 
Chris Stewart
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, say when you visit JavaRanch, you don't have to login each time. I assume the forum software is doing this by using cookies. That's what I'm after.
 
Gregg Bolinger
Ranch Hand
Posts: 15304
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Found this on reading and writing a cookie with a servlet. Should be the same in a scriplet though. I would use a Session though. It's still a cookie. But when saving user login info, most people use the Session object. It's just easier to work with.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!