loggedIn, same session, thru several pages

[D E]

What are some good methods of letting a user's "identity" (?session?) be
known across several webpages. For example, a user logs in, and several
pages say "Welcome back KNOWN USER" if he successfully logged in... Is it as
simple as checking a cookie and setting a variable loggedIn=TRUE or are
there more durable methods not prone to possible security problems? THANKS

 

[Mohamad Fazli]

Well..

I assume u talking about using Java Server Pages..

Well the easiest is to use the session variables
<%=session.getAttribute("myname")%>

Just google off for session.setAttribute or session.getAttribute.. should be
good enuff to help you.

Few things to to consider, session will last typically across the same
thread of the explorer, i,e. if you press Ctrl-N, most likely the session
will carry across the new window...

In order to reset the session... use session.invalidate

 

[Dave Monroe]

What are some good methods of letting a user's "identity" (?session?) be
known across several webpages. For example, a user logs in, and several
pages say "Welcome back KNOWN USER" if he successfully logged in... Is it as
simple as checking a cookie and setting a variable loggedIn=TRUE or are
there more durable methods not prone to possible security problems? THANKS

There are two generally accepted methods:

1) cookies - but some organizations insist that cookies be turned
off

2) Session - the session object can carry information page to page
and it can't be turned off in the browser

I like #2.

 

[Murray]

2) Session - the session object can carry information page to page

and it can't be turned off in the browser

As long as you make sure to rewrite all URLs that is (just clarifying)