This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
I'm playing with a servlet that is "protected" behind a BASIC authentication response. The number of attempts are next to limitless, unless I set up an "attempts counter." Making it a private field is not an option as it crosses users, sessions, etc. Putting the counter on the session seems the way to go. Anybody consider this a bad practice, best practice? And is the overhead of getting and setting the object on the session high? TIA, Tim
Timothy Stone, MIT, SCJP
"This Satan's drink [coffee] is so delicious, we shall cheat Satan and baptize it." --Pope Clement the VIII (1592-1605)