
Login, remember me, application using Java servlet and JSP

Tags: java, jsp

I'm trying to implement a login (remember me) application, and I'm having a problem managing the cookies. When I register (for new members) or log in (for members that have already registered), I do the following on the server:

Cookie returnVisitorCookie = new Cookie("repeatVisitor", "yes");
returnVisitorCookie.setMaxAge(60*60*24*365); // 1 year
response.addCookie(returnVisitorCookie);

where the response is the one I'm getting from the browser, for example: visitor.login(response).

When I sign out, I delete the cookie, but it seems that I have more cookies than there should be. I mean, if I registered 2 members and signed out, I still have cookies with name = "repeatVisitor" and value = "yes".

Maybe it's because I'm putting the cookie in different responses.

Can anybody give me an idea of what I'm doing wrong and how I should implement this? Thank you.

Alexander Palvanov asked Oct 29 '12 17:10



1 Answer

I sometimes find the best way to learn or understand is by looking at an example. Here is some code we use for a working website:

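import java.io.IOException;
import java.io.PrintWriter;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "Login", urlPatterns = {"/authorization/Login"})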
public class Login extends HttpServlet {

    /**
     * Processes requests for both HTTP
     * <code>GET</code> and
     * <code>POST</code> methods.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        PrintWriter out = response.getWriter();
        try {
            System.out.println("Reached login");
            if (!Authorization.isLoggedIn(request)) {
                String login = request.getParameter("login");
                String password = request.getParameter("password");
                boolean remember = Boolean.parseBoolean(request.getParameter("remember"));

                // Debug trace only; the submitted password must never be written to logs.
                System.out.println("Reached login " + login + ", remember=" + remember);
                if (!Authorization.validateLogin(login, password)) {
                    Logger.getLogger(Login.class.getName()).log(Level.INFO,
                            "Failed login (invalid password) from {0} for {1}",
                            new String[]{request.getRemoteAddr(), login});
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid username or password!");
                    return;
                }
                //So far so good... Get the user object from the database (unique login names)
                DB_User user = DB_User.get(login);
                if (!user.getActive()) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Your account is no longer active!");
                    return;
                }
                String sessionID = Authorization.createNewSession(user, request.getRemoteAddr(), remember);
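                Cookie sessionCookie = new Cookie("my_application.session_id", sessionID);
                sessionCookie.setDomain(request.getServerName());
                sessionCookie.setPath(request.getContextPath());
                sessionCookie.setHttpOnly(true);             // keep the session ID out of reach of page scripts
                sessionCookie.setSecure(request.isSecure()); // HTTPS-only whenever the login arrived over HTTPS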
                if (remember) {
                    sessionCookie.setMaxAge(ServerConfig.getLoginSessionTimeout());
                }

                response.addCookie(sessionCookie);
            }
            response.sendRedirect("/app/myAccount.jsp");
        } catch (Throwable ex) {
            Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex);
            ServletUtils.handleException(ex, response);
        } finally {
            out.flush();
            out.close();
        }
    }

    // + HttpServlet default methods here (doGet, doPost, getServletInfo)
}

Logout servlet example:

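import java.io.IOException;
import java.io.PrintWriter;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "Logout", urlPatterns = {"/authorization/Logout"})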
public class Logout extends HttpServlet {

    /**
     * Processes requests for both HTTP
     * <code>GET</code> and
     * <code>POST</code> methods.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            String sessionID = ServletUtils.getCookieValue(request.getCookies(),"my_application.session_id");

            if (sessionID != null) {
                SQLManager sql = ServerConfig.getSql();
                sql.deleteFromTable("login_session", "session_id = " + SQLString.toSql(sessionID));

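                // The browser only drops the login cookie if this one has the same name, domain and path.
                Cookie sessionCookie = new Cookie("my_application.session_id", null);
                sessionCookie.setDomain(ServletUtils.getCookieDomain(request));
                sessionCookie.setPath(request.getContextPath()); // same path the Login servlet sets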
                sessionCookie.setMaxAge(0);
                response.addCookie(sessionCookie);
            }
            response.sendRedirect("/security/login.jsp");

        } catch (Throwable ex) {
            Logger.getLogger(Logout.class.getName()).log(Level.SEVERE, null, ex);
            ServletUtils.handleException(ex, response);
        } finally {
            out.close();
        }
    }
}

There are some helper classes we have made, as you will notice, but the concept is there nonetheless. Hope this helps.

Riaan Schutte answered Sep 30 '22 17:09
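
The answer's servlets put a server-generated session ID in the cookie and delete the matching login_session row on logout, instead of a fixed value such as "yes". An added sketch of that idea using only the JDK (not code from either post; RememberMeTokens and its methods are hypothetical names, an in-memory map stands in for the login_session table, and the record needs Java 16+):

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical in-memory stand-in for a server-side login_session table. */
public class RememberMeTokens {
    private record Entry(String user, Instant expires) {}
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> byHash = new ConcurrentHashMap<>();

    /** Returns the cookie value; only its SHA-256 hash is kept server-side. */
    public String issue(String user, long maxAgeSeconds) {
        byte[] raw = new byte[32]; // 256 random bits, unguessable per login
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byHash.put(hash(token), new Entry(user, Instant.now().plusSeconds(maxAgeSeconds)));
        return token;
    }

    /** Returns the user for a presented cookie value, or null if unknown or expired. */
    public String resolve(String token) {
        Entry e = token == null ? null : byHash.get(hash(token));
        return (e == null || Instant.now().isAfter(e.expires())) ? null : e.user();
    }

    /** Sign-out: drop the server-side record so a copied cookie stops working. */
    public void revoke(String token) {
        if (token != null) byHash.remove(hash(token));
    }
    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex); // SHA-256 is mandatory on every Java platform
        }
    }

    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens();
        String alice = store.issue("alice", 3600), bob = store.issue("bob", 3600); // constructed users
        store.revoke(alice); // alice signs out; bob's token is untouched
        System.out.println(store.resolve(alice) + " " + store.resolve(bob) + " " + store.resolve("yes"));
    }
}
```

In a servlet, the string returned by issue() is the cookie value, and the cookie itself is still removed with setMaxAge(0) on the same domain and path it was set with.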