Hi all, I am developing a web application it struts. In my login page I just want to give 3 chances for users to try to login using userid and password (meaning unless they provide the correct combination).After three incorrect attempts, I want to record the userid and keep them from logging to the page for the next 24 hours. how do I do that?
The easiest way that springs to mind is to stick a timestamp field in your user login table, when a user has 3 failed attempts set the timestamp to the current time. When a user attempts to login if that time stamp is in the last 24 hours deny them access, if it isn't them clear it and it's good to go. You may want to have this in a seperate table or add an extra bit to say when the timestamp is valid or something but that's how I'd do it, hope this gives you some ideas