I have a login screen and i am authenticating users by checking credentials from database. But how can i implement Remember me check box? Like in gmail remember me(stay signed in) is present. I am using sign.jsp and Auth servlet (doPost) and oracle 10g ee for authentication.
Asked
Active
Viewed 2.1k times
2
Tom
- 761
- 7
- 22
- 41
4 Answers
7
You can use cookies for this purpose.
In your servlet response handler (doPost, doGet etc.) create a cookie in the following way -
if(remember_me_is_checked)
{
Cookie c = new Cookie("userid", userId.toString());
c.setMaxAge(24*60*60);
response.addCookie(c); // response is an instance of type HttpServletReponse
}
To read them, you can use something like this -
Cookie[] cookies = request.getCookies(); // request is an instance of type
//HttpServletRequest
boolean foundCookie = false;
for(int i = 0; i < cookies.length; i++)
{
Cookie c = cookies[i];
if (c.getName().equals("userid"))
{
string userId= c.getValue();
foundCookie = true;
}
}
Here is the official documentation for the Cookie class.
MD Sayem Ahmed
- 28,628
- 27
- 111
- 178
-
thanks Sayem for your response but can you please little bit elaborate how can i implement this `cookie` to `stay signed in`? – Tom Mar 20 '12 at 10:49
-
refer this link,this s in jsf but see the logic behind that http://www.roseindia.net/jsf/RememberMeLogin.shtml – Rakesh Patel Mar 20 '12 at 10:52
-
@RakeshPatel ya useful one but if i will delete cookies from the browser then perhaps i have to check the check box again to implement `stay signed in` – Tom Mar 20 '12 at 10:56
-
@Tom: I have edited the answer to include some sample code :-). – MD Sayem Ahmed Mar 20 '12 at 10:57
-
ya nice explanation Sayem but if i will delete cookies from the browser then perhaps i have to check the check box again to implement `stay signed in` right? – Tom Mar 20 '12 at 10:57
-
@Tom: Yes, right. I think most of the sites implement this feature using cookies. Try clearing your cookies now. You will see that none of the sites you logged in while checking `Stay Signed In` will recognize you :-). – MD Sayem Ahmed Mar 20 '12 at 10:59
-
when cookie is not exists the don't check the checkbox – Rakesh Patel Mar 20 '12 at 11:00
0
You can use cookies to help with your implementation. Something like this .
String userIdendificationKey="UserName";
Cookie cookie = new Cookie ("userIdendificationKey",userIdendificationKey);
// Set the age of the cokkie
cookie.setMaxAge(365 * 24 * 60 * 60);
//Then add the cookies to the response
response.addCookie(cookie);
and then check against the particular value later .
seeker
- 6,841
- 24
- 64
- 100
-1
I don't know whether it is secure or not,but this is what i did.
In login.jsp head tag
<script type="text/javascript">
var isLoggedIn = "${isLoggedIn}";
if(isLoggedIn === true)
window.location.href="Home.jsp";
</script>
in body tag i added a check box for Remember Me as below
<input type="checkbox" id="RememberMe" name="rememberMe">
<label for="RememberMe">Remember Me</label>
In servlet doPost method i added the code below
if(userdetails are verified)
{
if(request.getParameter("rememberMe")!=null){
request.getSession().setAttribute("isLoggedIn", true);
}
RequestDispatcher rs = request.getRequestDispatcher("Home.jsp");
rs.forward(request, response);
}
else
{
RequestDispatcher rs = request.getRequestDispatcher("fail.jsp");
rs.include(request, response);
}
using this it will ask for the credentials at first time login,and it will store the login info in session parameters,if you try to access the site second time it will automatically goes to "Home.jsp" instead of "login.jsp"
please comment whether this method is good practice,any other modifications can be done. Suggestions are welcome.
raviraja
- 676
- 10
- 27
-2
Take a look at Spring SecurityIt
It is a powerful and highly customizable authentication and access-control framework.
You can also check the code from Rose India, this will be more helpful to you.
Ashique Majeed
- 39
- 1
- 1
- 6