tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Bowen <>
Subject Re: "remember me" authentication?
Date Thu, 26 Feb 2009 22:27:28 GMT
If the app maintains sessions, then the logon page can read the  
cookie, install some sort of User bean as a session attribute,
and then all other pages need only check for the presence of a non- 
null value under that attribute.  This even works for a
logon-optional/remember-me (low security) setting where users can  
remain anonymous, but registering and logging in
provides additional services.

Ken Bowen

On Feb 26, 2009, at 5:13 PM, Serge Fonville wrote:

>> Does Tomcat provide default support in some way to implement a  
>> 'remember
>> me' feature for form based authentication? This should not be  
>> dependent on a
>> user's browser remembering the username/password, but by a checkbox  
>> you can
>> check/clear on the logon jsp.
> if you google for 'jsp cookie' you will find
> If so, where do I find it? If not, how can I implement it? My guess  
> is that
>> I store the user credentials in a cookie, but how do I get every  
>> jsp/servlet
>> in my application that requires authentication to automatically  
>> retrieve
>> this and skip authentication? Sounds like a lot of overhead, unless  
>> Tomcat
>> can take care of it.
> In any jsp page you can use include directives and inline java  
> (scriptlet).
> Alternatively you can implement java beans to perform the  
> authentication
> decisions.
> Any web application that uses authentication needs to perform these  
> steps at
> every request (page view)
> Hope this helps.
> Regards,
> Serge Fonville

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message