tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Lunnon" <>
Subject RE: Form based security and "Remember Me"
Date Thu, 20 Feb 2003 21:13:44 GMT
A thought (just started following the thread).

I can see a problem, in that the cookies may never get initialised because
of the use of the checkbox. If the checkbox hasn't been selected, you'll
always receive null from the form.

Would suggest using a radio button instead, where the parameter will always
return a value (null is definitely an error).

Hope this is relevant to the thread


-----Original Message-----
From: John Trollinger []
Sent: Friday, 21 February 2003 7:32 AM
To: 'Tomcat Users List'
Subject: RE: Form based security and "Remember Me"

But does this work with Form based authenticaiton and realms... How do
you let the realm know that the user remembered so the login can be


> -----Original Message-----
> From: Shapira, Yoav []
> Sent: Thursday, February 20, 2003 3:23 PM
> To: Tomcat Users List
> Subject: RE: Form based security and "Remember Me"
> Howdy,
> I'm not doing this, and I'm one of those people who cleans
> their cache every time their browser is closed (12Ghosts auto
> wash is among the greatest tools I've ever seen for any
> computing purpose, ever), so Remember Me functionality
> doesn't typically work for me, but...
> >Is anyone doing this at all?  And if so how?
> Assuming remember me is a checkbox, e.g.
> <input type="checkbox" name="rememberUser">Remember Me</input>
> Then something like:
> String rememberUserString = request.getParameter("rememeberUser");
> if((rememebrUserString != null) &&
>    (rememeberUserString.equalsIgnoreCase("true")) {
>      //  Create cookie
>      Cookie userInfoCookie = new Cookie(...);
>      response.addCookie(userInfoCookie);
> }
> Then other pages in the app attempt to retrieve the cookie (using
> request.getCookies() and iterating through the cookies.  You
> can retrieve the information in a fairly cross-browser,
> server-independent way.
> You can also set attributes in the session
> (HttpSession.setAttribute("myUserName", username) or
> whatever) or do it in many other ways.
> Yoav Shapira
> Millennium ChemInformatics
> This e-mail, including any attachments, is a confidential
> business communication, and may contain information that is
> confidential, proprietary and/or privileged.  This e-mail is
> intended only for the individual(s) to whom it is addressed,
> and may not be saved, copied, printed, disclosed or used by
> anyone else.  If you are not the(an) intended recipient,
> please immediately delete this e-mail from your computer
> system and notify the sender.  Thank you.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message