Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

after login with wrong credentials, again login with correct credentials aslo giving login failed

 
kumar shiva
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
can any one could help me!!!

I am developing a login web project using servlets, filters and am using sesseions for login and logout.
my problem is when enter correct username and poss word works fine, but when user enters wrong credentials giving login failed , next if he enters correct credentials also giving Login failed.
if clears the Browser history again login with correct credentilas worksfine.

Thanks
 
Prasad Krishnegowda
Ranch Hand
Posts: 667
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When login is successful, you create a new session or get an existing session? If you get an existing session, on login failure what are you setting in session, is this variable cleared on successful login?

P:S:You describe the problem and don't show us the code, so how do you expect us to help?
Please post the relevant codes, so that you get useful answers...
 
kumar shiva
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Prasad Krishnegowda wrote:When login is successful, you create a new session or get an existing session? If you get an existing session, on login failure what are you setting in session, is this variable cleared on successful login?

Hi Prasad,


this is my code.
AuthenticationFilter.java



and Login.java






please help me.

Thanks.
 
Prasad Krishnegowda
Ranch Hand
Posts: 667
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your code needs lot of refactoring, first accessing database from Servlets, a strict no no..
It would help if you learn Spring Security, take a look at it once..

However, is the session attribute path set properly? Did you try printing it, what's the result you got.?

 
kumar shiva
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Prasad Krishnegowda wrote:Your code needs lot of refactoring, first accessing database from Servlets, a strict no no..
It would help if you learn Spring Security, take a look at it once..

However, is the session attribute path set properly? Did you try printing it, what's the result you got.?




Thanks for the advice,
But i'm new to Servlets.

Session attribute path is fine
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18152
52
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Keep it an intellectual exercise. I've never yet seen a user-designed login/security system that was actually secure. Most, in fact, are horribly insecure.

There's already well-documented, pre-debugged, proven login security system built right into the J2EE specification and implemented on every J2EE/JEE webapp server I know of - even the incomplete implementations like Tomcat.

For at least 98% of the webapps out there, that system will be more secure for less effort and expense than anything a person(s) who isn't a full-time security expert can produce.
 
Prasad Krishnegowda
Ranch Hand
Posts: 667
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
where is this attribute set?


Also, path variable is constructed, only if authorized is false.. Is is this what you needed?
It might be the case that, on login failure userToken is set in session, since its not null, authorized becomes true, now, since authorized its true, path variable is not set properly..
 
kumar shiva
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Prasad Krishnegowda wrote:where is this attribute set?

It might be the case that, on login failure userToken is set in session, since its not null, authorized becomes true, now, since authorized its true, path variable is not set properly..



Thanks Prasad.
It's working fine when i set the
session.setAttribute("path",null);
in login.java after line number 75

Thanks Javaranch
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic