This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm playing with a servlet that is "protected" behind a BASIC authentication response. The number of attempts are next to limitless, unless I set up an "attempts counter." Making it a private field is not an option as it crosses users, sessions, etc. Putting the counter on the session seems the way to go. Anybody consider this a bad practice, best practice? And is the overhead of getting and setting the object on the session high? TIA, Tim
Timothy Stone, MIT, SCJP
"This Satan's drink [coffee] is so delicious, we shall cheat Satan and baptize it." --Pope Clement the VIII (1592-1605)