I want to add cookie functionality to TheServerSide so that people don't have to log in all the time, kind of like on JavaLobby.org.
I was thinking of creating a cookie that stores a user's ID, and a hashcode of their password (this would prevent people fiddling with their cookie and assuming the identity of someone else). Pretty simple so far, now the problem is, how and when do I use this cookie on TheServerSide?
When should the server check to see if the cookie exists? On every web request? I would like to have a "You are logged in as ..." on every page. This means that either the server will read the cookie on every request, or read it once and "login" the user (so it would have to query a session bean for user's name on every request). How will this affect my servlet session, and ejb timeouts?
thanks guys,
Floyd Marinescu
Discussions
Web tier: servlets, JSP, Web frameworks: strategies for using cookies on portals like TheServerSide
-
strategies for using cookies on portals like TheServerSide (5 messages)
- Posted by: Floyd Marinescu
- Posted on: June 20 2000 11:49 EDT
Threaded Messages (5)
- portal cookies by Duane Fields on June 22 2000 09:42 EDT
- portal cookies by chris bono on July 17 2000 14:06 EDT
- portal cookies by Floyd Marinescu on July 20 2000 05:03 EDT
- portal cookies by vk guda on March 30 2001 05:19 EST
- portal cookies by Pure XML on December 27 2002 17:24 EST
- portal cookies by chris bono on July 17 2000 14:06 EDT
-
portal cookies[ Go to top ]
- Posted by: Duane Fields
- Posted on: June 22 2000 09:42 EDT
- in response to Floyd Marinescu
Depends on how your login servlet works. What I usually do is create an AuthenticatedServlet base class that stores your credentials in the session. I then extend this class for each servlet in the system. Thus every request is validated in the base service() method before it is allowed to continue. If there are no login credentials in the session, the user is redirected to a login page before prcoeeding. If however, a hashed cookie is found this is used to log the person in, populating the session with their credentials. -
portal cookies[ Go to top ]
- Posted by: chris bono
- Posted on: July 17 2000 14:06 EDT
- in response to Duane Fields
Floyd,
I am assuming that you guys are not using the built in J2EE security? -
portal cookies[ Go to top ]
- Posted by: Floyd Marinescu
- Posted on: July 20 2000 17:03 EDT
- in response to chris bono
Chris,
We are not using built in J2EE security, since WL 4.5.1 doesn't have J2EE support. When we upgrade to 5.1, we may switch to using the security support.
Floyd -
portal cookies[ Go to top ]
- Posted by: vk guda
- Posted on: March 30 2001 05:19 EST
- in response to Duane Fields
Hi friend ,
This is guda. I am presently working on a portal system.
I want to keep track the session with userid and password. and also i have to allow the user to view all pages without again relogin.. may be by using cookies..i too dont know corectly..if login expires or if the user is not the correct user.. then he must login... so for this i need some example code pls can u send for me ...
Thank you for ur cooperation.
guda. -
portal cookies[ Go to top ]
- Posted by: Pure XML
- Posted on: December 27 2002 17:24 EST
- in response to Duane Fields
This is how I do it too. Also, with regards to the timeout Floyd asked about, on each web request I reset the timeout - probably don't have to do it that way, but I do. That way, if the timeout is 15 minutes and a logged in user is actively moving around the site for 15 minutes +, they aren't suddenly sent to the log in page upon their next request.