File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Keep the user signed in even after browser closes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Keep the user signed in even after browser closes" Watch "Keep the user signed in even after browser closes" New topic

Keep the user signed in even after browser closes

seema mani
Ranch Hand

Joined: Sep 30, 2001
Posts: 49
hi I'm maintaining sessions using JSPs. I want the logged in users to remain signed in unless they sign out explicitly. That is whenever the user visits the site, he doesn't need to login again, he's automatically logged in and redirected to the last page he had visited on the site. How do I achieve this ? The user's session would time out after he closes the browser right ? So even if I use cookies, won't the session have expired ? Please advise

Sun Certified Java Programmer<br />Sun Certified Web Component Developer<br />Sun Certified Business Component Developer
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

There are two options that I can think of.
The first is to store the username and password on the cookie. Every time they visit they can be logged in if they aren't already logged in. Therefore you'll have to detect if they are logged in and do some processing to log them in and give them a session and set up any other data you require.
The second is to associate each user with a token on the server side. You store this token in the cookie and against the user on the server. When someone has that cookie and passes the token, as above you associate it with the user and log them in.
In both cases it is better to obscure or encrypt the data on the cookie since anyone else who sees it could fool the system into accepting them as someone they are not...
Dhananjay Inamdar
Ranch Hand

Joined: Jan 27, 2003
Posts: 130
Hello David,
I also have to similar functionality about which Seema was aksing. After going through your answer I prefered 2 one, which is preferable from the security point of the view.
Problem is that I am not crystal clear about the steps your saying about. So, will you please give some basic algorithm which explains the steps to implement this solution.
Thanks in advance!
- Dhananjay

Just like you, struggeling to get the right solutions!<br /> <br />Sun Certified Java Programmer 1.5<br /> <br />Target - SCWCD
I agree. Here's the link:
subject: Keep the user signed in even after browser closes
It's not a secret anymore!