aspose file tools*
The moose likes JSP and the fly likes best way to keep tracking of the user info? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "best way to keep tracking of the user info?" Watch "best way to keep tracking of the user info?" New topic
Author

best way to keep tracking of the user info?

Aymen Benhmida
Greenhorn

Joined: Jun 24, 2011
Posts: 12

hi guys,

i'm a newbie in jsp development and web development in general. I need to keep track of the user logged in my web application information (login, password, IP)
what is the best way to do such thing?
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30537
    
150

You can store the login in the HttpSession (setAttribute). It is best to not keep track of the password. Read it once, authenticate and then keep a record in the session that the user is logged in. One way is to store the login only when authenticated. Keeping passwords in memory invites someone to do a memory dump and get them. The IP address is already available via the HttpRequest so you don't need to store it during the current session.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Aymen Benhmida
Greenhorn

Joined: Jun 24, 2011
Posts: 12

thanks for the respons,

i have also other jsp files where i have to verify that the user is still logged before doing any action. for example, the user has created some article when logged in and then he passes to the welcome page so i have to verify that he is still logged in in order to let him some other actions. And there some other pages which must respond to the same senario. So do i have to verify that he is still logged in every page or there's a more clean way to do this.
and if this is the best way how can you advice me to do it the best possibly way.
Thakur Sachin Singh
Ranch Hand

Joined: Jun 15, 2010
Posts: 232

you can also use the html hidden field but this is not the good idea. HttpSession is best way to do that.


SCJP 6- 91%, IBM DB2, IBM RAD Certified
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61224
    
  66

Servlet filter


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: best way to keep tracking of the user info?