JSP/Servlets: Implementing the "remember me" option at login?

K

KhanTengri2011-04-23 12:45:36

Java

KhanTengri, 2011-04-23 12:45:36

Are there any existing approaches, techniques or patterns for implementing such functionality in JSP/Servlets? Well, or how it is usually implemented in general ...

ZYZH Two factors matter: security and speed.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

ertaquo, 2011-04-23
@ertaquo

I can offer a couple of options:
1. When a user logs in, a unique code is generated and written to the database. This code is sent in cookies and is matched against the user code in the database.
2. In cookies, the user code and the hash of his password, diluted with some characters (“salted”), are sent.
In both cases, when an unauthorized user enters the site, his cookies are checked and if there are any of the above, the user is automatically authorized. Naturally, this check and authorization must pass before any actions depending on the current user are performed.
You can read about how to work with cookies here .

J

juise, 2011-04-23
@juise

That use sessions, it in Java becomes simply.
Put value into session:
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
HttpSession httpSession = httpServletRequest.getSession(true);
String sid = (String) session.getAttribute("sid");
}
some_check_login_method_doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
httpServletRequest.getSession().getAttribute("sid");
}