advice needed on login page

 
a m
Greenhorn
Posts: 6
I was wondering how most websites maintain a user's login state. Do they usually place a cookie on the user's hard drive, or are they somehow maintaining the state somewhere on the server side?
I know that for some sites there's a 'save password' (such as this forum) and that gets done using a cookie. But how do some other sites reset to "logged off" state when the user closes the browser's window or clicks 'log out'?
Thanks, I'd appreciate any advice on this issue because I need to implement this functionality using JSP.
 
Frank Carver
Sheriff
Posts: 6920
"a m",
You have already been warned about the user name you have chosen. This name will soon be turned off, so please choose another name immediately.
 
a m
Greenhorn
Posts: 6
I don't know how to change it.
 
Angela Poynton
Ranch Hand
Posts: 3143
Register again with a name that complies with JavaRanch's naming guides: http://www.javaranch.com/name.jsp
 
Marilyn de Queiroz
Sheriff
Posts: 9067
You can use an HttpSession object to store information about the user.
 
Roseanne Zhang
Ranch Hand
Posts: 1953
a m:
You're the lucky guy/gal, and got three sheriffs taking care of you.
Roseanne
 
Geoff Tate
Ranch Hand
Posts: 55
What usually happens is that once a user is validated, a token (could be a String, an object, whatever) that indicates that the user is validated is added to the HttpSession (session.putValue()). Then, each JSP that is loaded checks for the existence of that token. To log out, the token is removed or you could call session.invalidate(). The session.invalidate() is safer because it removes all session information.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
Originally posted by Geoff Tate:
What usually happens is that once a user is validated, a token (could be a String, an object, whatever) that indicates that the user is validated is added to the HttpSession (session.putValue()). Then, each JSP that is loaded checks for the existence of that token.

Also used, and slightly "cleaner", is mapping an entire section of the site to a single servlet that checks if the user has logged in. If not, the servlet redirects the user to the login page. Otherwise the request is forwarded to whatever page was requested.
The disadvantage is that it incurs a bit more overhead. I understand the upcoming version of the servlet spec will have filters making this approach a bit more lightweight.
- Peter
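
The session-token check and the single gate for a protected section described in the posts above, as an added example that is not part of the thread or any poster's code. It assumes the javax.servlet API with filters (Servlet 2.3 or later) and uses setAttribute(), which replaced the deprecated putValue(); the names LoginGateFilter, AUTH_KEY, onLogin, onLogout and the /login.jsp path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: map this filter to the protected URL pattern in web.xml.
// AUTH_KEY, /login.jsp and the helper names are assumptions, not from the thread.
public class LoginGateFilter implements Filter {
    static final String AUTH_KEY = "authUser";   // name of the login token in the session

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false): never create a session for an anonymous visitor.
        HttpSession s = req.getSession(false);
        if (s == null || s.getAttribute(AUTH_KEY) == null) {
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;                               // stop here: the page must not run
        }
        // Keep protected pages out of caches so they are not shown after logout.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(rq, rs);                   // logged in: continue to the requested page
    }

    // Call only after the submitted credentials have been verified.
    static void onLogin(HttpServletRequest req, String user) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();        // discard the pre-login session id
        HttpSession s = req.getSession(true);     // fresh id for the authenticated session
        s.setAttribute(AUTH_KEY, user);
        s.setMaxInactiveInterval(15 * 60);        // idle timeout in seconds (sample value)
    }

    // Logout: invalidate() removes the token and all other session data.
    static void onLogout(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        if (s != null) s.invalidate();
    }
}
```

The login state itself lives on the server; the browser holds only the container's session id cookie, which by default is not persisted to disk, so closing the browser drops it and the server-side session then expires at the idle timeout.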
 