Remember Me - Authentication

[Ben Jessel]

I don't suppose anyone knows whether servlet security has any features
that remembers users' log-ins so that they don't have to authenticate
each time they log in ( i.e remember me (*) ) ? I couldn't find
anything in Tomcat reference implementation.

Thanks

Ben

 

[Roedy Green]

I don't suppose anyone knows whether servlet security has any features
that remembers users' log-ins so that they don't have to authenticate
each time they log in ( i.e remember me (*) ) ? I

the way that is done it to feed a cookie to the browser, or to have
the browser remember the password in its proprietary way, e.g. Opera
Wand.

See http://mindprod.com/jgloss/cookie.html

 

[Ben Jessel]

Does anyone have a Tomcat specific example of this?

Thanks

Ben

 

[Sudsy]

Does anyone have a Tomcat specific example of this?

Thanks

Ben

Sorry, previous post was just login stored in session. You want to
use cookies.
In the servlet you want to protect:

public ActionForward execute( ActionMapping mapping,
ActionForm actionForm, HttpServletRequest req,
HttpServletResponse resp ) throws Exception {
Cookie cookies[] = null;
Cookie cookie = null;

cookies = req.getCookies();
for( int i = 0; i < cookies.length; i++ ) {
if( cookies.getName().equals( "USERNAME" ) ) {
cookie = cookies;
break;
}
}
if( cookie == null )
return( mapping.findForward( "login" ) );

In the login servlet:

private static final int NDAYS = 30; // number of days for
// cookie to live

public ActionForward execute( ActionMapping mapping,
ActionForm actionForm, HttpServletRequest req,
HttpServletResponse resp ) throws Exception {
Cookie cookie = null;

// after confirming credentials

cookie = new Cookie( "USERNAME", some_identifying_string );
cookie.setMaxAge( NDAYS * 24 * 60 * 60 );
resp.addCookie( cookie );