Java/JSP Remember Me Functionality Using a Cookie

TryingToLearn · January 19, 2006, 6:12pm

I have implemented a design for Remember Me functionality on a site. The way I accomplished this was by creating a new Java Servlet that checks if a cookie exists. If it does, it gets the username and password and logs the user in using the Java classes. If there was not a cookie, it redirects the user to the JSP log in page. Here is my problem. If the user Adds a Favorite from the JSP log in page, the cookie will never work since the user is going to the wrong URL (they need to go to the Java Servlet URL instead). Is there a way I can have the JSP log in page execute the Java Servlet before the JSP log in page loads (I think that is how it should occur).

Any suggestions would be appreciated.

Thanks.

rushiku · January 19, 2006, 7:32pm

Have the JSP check for user credentials ‘early on’ in the code and redirect to the log-the-user-in-automatically page if they do.

I would probably split the ‘check the user credentials’ and ‘log the user in’ features into 2 servlets (or at least 2 methods) so that I could check the user credentials whenever I wanted without writing it over again.

macfraser · January 19, 2006, 8:07pm

I’ve done this for Struts with what I call “AuthenticatedAction” in this I have a super class all of my pages use which implements Authentication.

What you can do is make your own “ValidationServlet” which extends servlet and implements the cookie checking code and decides if it should redirect or process the page, then extend your “ValidationServlet” for all your other page processing.

i.e. (PseudoCode… to give you the idea - won’t work out of the box)

public abstract class ValidationServlet extends HttpServlet
{
  public void doGet(HttpServletRequest request,
                    HttpServletResponse response)
      throws ServletException, IOException
      {

       //COOKIE Verification code.....

      //execution method
      PrintWriter out = doExecute()


  }

  abstract Printwriter doExecute(HttpServletRequest request,
                    HttpServletResponse response);
}


public class MyServlet extends ValidationServlet
{
  public PrintWriter doExecute(HttpServletRequest request,
                    HttpServletResponse response)
      throws ServletException, IOException
      {

       //Do your page stuff here

      return;


       }


}

TryingToLearn · January 20, 2006, 3:02pm

Thanks for the suggestions but I don’t think I described my situation well enough.

I do currently have 2 servlets. One that processes the code from the Log In JSP page and one that finds the cookie and logs the user in. My problem is that I can not figure out how I can run both of them from the same page.

For example, here is how I was thinking the logic should work. On load of the JSP Log In page, the page should execute the CookieServlet. If the cookie is found, it should successfully log the user in and redirect the user to the next screen. If the cookie is not found, it should load the JSP Log In page. Then when the user clicks the Log In button the LogInServlet is executed.

Is this logic correct?

Here is currently how my LogIn JSP page calls the LogInServlet.


<form name="frmLogIn" action="LogInServlet" method="Post">

How can I make this JSP Page execute the CookieServlet onLoad and the LogInServlet on Sign In button press? If there is a better way to complete this logic, please let me know.

Thanks!

rushiku · January 20, 2006, 3:21pm

The JSP checks for a ‘checked for cookie’ attribute, if not present, send to CookieServlet
CookieSerlvet does its thing

if no cookie present
*–CookieServlet adds an attribute that denotes the user’s session has been checked.
*–CookieServlet returns user to JSP
*–‘checked for cookie’ attribute now present, continue loading page
*–user enters login info and submits
*–Control goes to LoginServlet
#–else cookie present
#–login params populated from cookie
#–Control goes to LoginServlet

TryingToLearn · January 20, 2006, 10:51pm

Thanks.

Here is the code that I used to get it to work.

In my JSP Log In Page I check a value in Session. If that value is null or not found, I call the CookieServlet using the BODY tags onLoad method. If the value is found, I call a different onLoad BODY tag.

Here is my JSP code that checks the Session value.


<%
   if ( session.getAttribute( "CookieCheck" ) == "True" )
   {
%>

<body onLoad="JavaScript: onLoad();">

<%
   }
   else
   {
%>

<body onLoad="JavaScript: checkCookie();">

<%
   }
%>

The checkCookie JavaScript method submits a form that calls CookieServlet. If the Cookie is found, the log in occurs and the user is redirected to the next page. If the Cookie is not found the Session variable is set to True and the user is redirected back to the Log In JSP page. This time a different BODY tag is used calling a different JavaScript method.

Do you see any issues with how I implemented the code? Is this how it is normally done?

rushiku · January 22, 2006, 3:03pm

As cookies can be manipulated server-side, I think that is the preferred way.

Server-side code isn’t an option the user can elect to turn off like javascript is.

Anyway, if it works, it works. You’ll just have to remember to test it with javascript turned off to see what happens.

With a little hunting around, you can find examples of using the HTML noscript tag notify to users that their javascript is turned off and/or is required to use the site.