In my app if I add some stuff to a session do I have to add it using the RunData object? It is being sent a type of Servlet with a doPerform(RunData data) function that that takes ina Rundata object. I am setting some stuff in a session and I used: data.getSession().setAttribute(current_username, "username"); and it worked but I send it back to the login page do a new submit and hence I loose the sessions variables I created, how can I keep them. Basically I am doing something where after 3 bad login attempts for a user they are disabled, and they are returned back to the login page telling them that, but each time I return to the login page after less than 3 login attempts the counter for number of bad login attempts gets lost. **************** Help
...maybe you can just keep the count in a hidden fld on the url. The initial request will contain 0 or 1 and the subsequent requests to the same page, you may increase the value of this fld. In this way, you may not even need to create a session for an user who's not 'IN' yet. Thanks RS
I would suggest using a database table. Have a hidden field increment a value in a row, for instance, upon each form submission. This also helps keep things scalable if you need to run the app on multiple vm's.
<a href="http://www.websiteandsound.com" target="_blank" rel="nofollow">www.websiteandsound.com</a><br />"If you do what you've always done, you'll get what you've always gotten."
Hi Anthony, You can send a formnumber parameter in the queryString and keep it incrementing 0,1,2..In your case the first time the user logs in and enters the wrong password, his username and password is maintained in session.If his passwd is wrong you can allow him three attempts i,e titll the time the formnumber is 2, then you can display a message and show him the login page again.
Joined: Sep 10, 2001
My only thing is for multiple users. If I try to login twice and then another person tries and is unsuccessful and I try again in the same sessions I should still be deined.
Joined: Feb 28, 2002
Since you want it to work even if they close their browser and open it again, it would not make sense to use session. You could set a long session timeout, but then they could also disable cookies. You could also use database to record IP number, and increment a value in another column. This way it does not matter if it is the same userID or not, and also is not affected by closing the browser.