tryingtolearn — 2006-01-19T13:12:31-05:00 — #1
I have implemented a design for Remember Me functionality on a site. The way I accomplished this was by creating a new Java Servlet that checks if a cookie exists. If it does, it gets the username and password and logs the user in using the Java classes. If there was not a cookie, it redirects the user to the JSP log in page. Here is my problem. If the user Adds a Favorite from the JSP log in page, the cookie will never work since the user is going to the wrong URL (they need to go to the Java Servlet URL instead). Is there a way I can have the JSP log in page execute the Java Servlet before the JSP log in page loads (I think that is how it should occur).
Any suggestions would be appreciated.
rushiku — 2006-01-19T14:32:17-05:00 — #2
Have the JSP check for user credentials 'early on' in the code and redirect to the log-the-user-in-automatically page if they do.
I would probably split the 'check the user credentials' and 'log the user in' features into 2 servlets (or at least 2 methods) so that I could check the user credentials whenever I wanted without writing it over again.
macfraser — 2006-01-19T15:07:41-05:00 — #3
I've done this for Struts with what I call "AuthenticatedAction" in this I have a super class all of my pages use which implements Authentication.
What you can do is make your own "ValidationServlet" which extends servlet and implements the cookie checking code and decides if it should redirect or process the page, then extend your "ValidationServlet" for all your other page processing.
i.e. (PseudoCode... to give you the idea - won't work out of the box)
public abstract class ValidationServlet extends HttpServlet
public void doGet(HttpServletRequest request,
throws ServletException, IOException
//COOKIE Verification code.....
PrintWriter out = doExecute()
abstract Printwriter doExecute(HttpServletRequest request,
public class MyServlet extends ValidationServlet
public PrintWriter doExecute(HttpServletRequest request,
throws ServletException, IOException
//Do your page stuff here
tryingtolearn — 2006-01-20T10:02:12-05:00 — #4
Thanks for the suggestions but I don't think I described my situation well enough.
I do currently have 2 servlets. One that processes the code from the Log In JSP page and one that finds the cookie and logs the user in. My problem is that I can not figure out how I can run both of them from the same page.
For example, here is how I was thinking the logic should work. On load of the JSP Log In page, the page should execute the CookieServlet. If the cookie is found, it should successfully log the user in and redirect the user to the next screen. If the cookie is not found, it should load the JSP Log In page. Then when the user clicks the Log In button the LogInServlet is executed.
Is this logic correct?
Here is currently how my LogIn JSP page calls the LogInServlet.
<form name="frmLogIn" action="LogInServlet" method="Post">
How can I make this JSP Page execute the CookieServlet onLoad and the LogInServlet on Sign In button press? If there is a better way to complete this logic, please let me know.
rushiku — 2006-01-20T10:21:35-05:00 — #5
- The JSP checks for a 'checked for cookie' attribute, if not present, send to CookieServlet
- CookieSerlvet does its thing
- if no cookie present
*--CookieServlet adds an attribute that denotes the user's session has been checked.
*--CookieServlet returns user to JSP
*--'checked for cookie' attribute now present, continue loading page
*--user enters login info and submits
*--Control goes to LoginServlet
else cookie present
--login params populated from cookie
--Control goes to LoginServlet
tryingtolearn — 2006-01-20T17:51:31-05:00 — #6
Here is the code that I used to get it to work.
In my JSP Log In Page I check a value in Session. If that value is null or not found, I call the CookieServlet using the BODY tags onLoad method. If the value is found, I call a different onLoad BODY tag.
Here is my JSP code that checks the Session value.
if ( session.getAttribute( "CookieCheck" ) == "True" )
Do you see any issues with how I implemented the code? Is this how it is normally done?
rushiku — 2006-01-22T10:03:21-05:00 — #7
As cookies can be manipulated server-side, I think that is the preferred way.