This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Auto Login

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In some sites like javaranch.com itself, you dont have to login everytime. After the user logon for the first time, a cookie will be created in the client storing the login information so that the user is automatically login we he returns. Let not focus on how secure this kind of cookie initiated login is (well, afterall who would hack your password in order to post a message in bulletin board). I would like to know how we could do this if the appli is using form-based authentication.

Recall that when we do form-based authentication, these steps are involved normally:

1. User requests a constrained resource.

2. Container sees the constrained resource and returns the login form and somehow enter a mode expecting the 'j_security_check' URL.

3. User submits the login form which looks like <form action=j_security_check> with 'j_username' and 'j_password' parameters.

The important point is in step 2, the container AUTOMATICALLY enters a mode accepting the j_security_check URL as special request for login - rather than normal URL. This step is important because if we directly submit a form with 'j_security_check' while the container is not expecting it, it is treated as a normal URL.

This comes to a problem, if I want my cookie (perhaps storing username & password) to trigger auto login, how can I cause the container to accept j_security_check to mean login attempt.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why are you starting a new thread? For those coming in late, the original is here. If this creates duplicate conversations I will probably have to close one
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't norrmally use that much JavaScript, but you may be able to store the username/password in the cookie a, then when the user visits again, add more JS to detect the cookie, extract the values, insert into the fields and autosubmit the form. It won't happen automatically, but it should be fast enough.
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I didn't explain clearly what I was trying to do in my previous thread. Just want to add more explanation here.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic