Remember me in jsp login page [duplicate]

Question

This question already has answers here:

How do I keep a user logged into my site for months? (2 answers)

Closed 4 years ago.

I have a login screen and i am authenticating users by checking credentials from database. But how can i implement Remember me check box? Like in gmail remember me(stay signed in) is present. I am using sign.jsp and Auth servlet (doPost) and oracle 10g ee for authentication.

Answer 1

You can use cookies for this purpose.

In your servlet response handler (doPost, doGet etc.) create a cookie in the following way -

if(remember_me_is_checked)
{
    Cookie c = new Cookie("userid", userId.toString());
    c.setMaxAge(24*60*60);
    response.addCookie(c);  // response is an instance of type HttpServletReponse
}

To read them, you can use something like this -

Cookie[] cookies = request.getCookies();     // request is an instance of type 
                                             //HttpServletRequest
boolean foundCookie = false;

for(int i = 0; i < cookies.length; i++)
{ 
    Cookie c = cookies[i];
    if (c.getName().equals("userid"))
    {
        string userId= c.getValue();
        foundCookie = true;
    }
}  

Here is the official documentation for the Cookie class.

Answer 2

You can use cookies to help with your implementation. Something like this .

String userIdendificationKey="UserName";

 Cookie cookie = new Cookie ("userIdendificationKey",userIdendificationKey);
// Set the age of the cokkie
 cookie.setMaxAge(365 * 24 * 60 * 60);
//Then add the cookies to the response
  response.addCookie(cookie);

and then check against the particular value later .

Answer 3

I don't know whether it is secure or not,but this is what i did.

In login.jsp head tag

<script type="text/javascript">
var isLoggedIn = "${isLoggedIn}";
if(isLoggedIn === true)
 window.location.href="Home.jsp";
</script>

in body tag i added a check box for Remember Me as below

<input type="checkbox" id="RememberMe" name="rememberMe">
<label for="RememberMe">Remember Me</label>

In servlet doPost method i added the code below

if(userdetails are verified)
            {           
                if(request.getParameter("rememberMe")!=null){
                    request.getSession().setAttribute("isLoggedIn", true);
                }
                RequestDispatcher rs = request.getRequestDispatcher("Home.jsp");
                rs.forward(request, response);                  
            }
            else
            {
                RequestDispatcher rs = request.getRequestDispatcher("fail.jsp");
                rs.include(request, response);
            }

using this it will ask for the credentials at first time login,and it will store the login info in session parameters,if you try to access the site second time it will automatically goes to "Home.jsp" instead of "login.jsp"

please comment whether this method is good practice,any other modifications can be done. Suggestions are welcome.

Answer 4

Take a look at Spring SecurityIt

It is a powerful and highly customizable authentication and access-control framework.

You can also check the code from Rose India, this will be more helpful to you.