Some observations about what Liutauras said.
It's not uncommon these days for the login screen to have a checkbox for "This is a public/private" computer. And/or a "Remember me on this computer" button.
I strongly recommend using the
J2EE standard login system in almost all cases for the very simple reason that probably 95% of the "do it yourself" login systems I've seen over the last 15 years or so have had such major security flaws that unskilled persons could break in within 15 minutes or less.
However, the price of this level of security is that it's limited in what can be done at login. The JEE login system accepts 2 and only 2 parameters: user ID and password. This is in large part because depending on how you configure the webapp's web.xml file, the login might be a form, a standardized popup dialog supplied by the client software (browser) or some other generic mechanism - there's simply no place to put any other data or processing logic.
As far as it goes, for specific servers, one might be able to work around that. I suspect I could create a custom Realm module for
Tomcat, for example. But obviously it wouldn't be a "write once/run anywhere" solution.