*
The moose likes Servlets and the fly likes after login with wrong credentials, again login with correct credentials aslo giving login failed Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "after login with wrong credentials, again login with correct credentials aslo giving login failed" Watch "after login with wrong credentials, again login with correct credentials aslo giving login failed" New topic
Author

after login with wrong credentials, again login with correct credentials aslo giving login failed

kumar shiva
Greenhorn

Joined: Jul 04, 2012
Posts: 12
Hi,
can any one could help me!!!

I am developing a login web project using servlets, filters and am using sesseions for login and logout.
my problem is when enter correct username and poss word works fine, but when user enters wrong credentials giving login failed , next if he enters correct credentials also giving Login failed.
if clears the Browser history again login with correct credentilas worksfine.

Thanks
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

When login is successful, you create a new session or get an existing session? If you get an existing session, on login failure what are you setting in session, is this variable cleared on successful login?

P:S:You describe the problem and don't show us the code, so how do you expect us to help?
Please post the relevant codes, so that you get useful answers...


Regards, Prasad
SCJP 5 (93%)
kumar shiva
Greenhorn

Joined: Jul 04, 2012
Posts: 12
Prasad Krishnegowda wrote:When login is successful, you create a new session or get an existing session? If you get an existing session, on login failure what are you setting in session, is this variable cleared on successful login?

Hi Prasad,


this is my code.
AuthenticationFilter.java



and Login.java






please help me.

Thanks.
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

Your code needs lot of refactoring, first accessing database from Servlets, a strict no no..
It would help if you learn Spring Security, take a look at it once..

However, is the session attribute path set properly? Did you try printing it, what's the result you got.?

kumar shiva
Greenhorn

Joined: Jul 04, 2012
Posts: 12
Prasad Krishnegowda wrote:Your code needs lot of refactoring, first accessing database from Servlets, a strict no no..
It would help if you learn Spring Security, take a look at it once..

However, is the session attribute path set properly? Did you try printing it, what's the result you got.?




Thanks for the advice,
But i'm new to Servlets.

Session attribute path is fine
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959
    
  19

Keep it an intellectual exercise. I've never yet seen a user-designed login/security system that was actually secure. Most, in fact, are horribly insecure.

There's already well-documented, pre-debugged, proven login security system built right into the J2EE specification and implemented on every J2EE/JEE webapp server I know of - even the incomplete implementations like Tomcat.

For at least 98% of the webapps out there, that system will be more secure for less effort and expense than anything a person(s) who isn't a full-time security expert can produce.


Customer surveys are for companies who didn't pay proper attention to begin with.
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

where is this attribute set?


Also, path variable is constructed, only if authorized is false.. Is is this what you needed?
It might be the case that, on login failure userToken is set in session, since its not null, authorized becomes true, now, since authorized its true, path variable is not set properly..
kumar shiva
Greenhorn

Joined: Jul 04, 2012
Posts: 12
Prasad Krishnegowda wrote:where is this attribute set?

It might be the case that, on login failure userToken is set in session, since its not null, authorized becomes true, now, since authorized its true, path variable is not set properly..



Thanks Prasad.
It's working fine when i set the
session.setAttribute("path",null);
in login.java after line number 75

Thanks Javaranch
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: after login with wrong credentials, again login with correct credentials aslo giving login failed
 
Similar Threads
Redirecting user to Login page & then resuming on the same page
java.io.IOException: Server returned HTTP response code: 500 for URL: http://localhost/HSMS/xmlcomm.
RememberMe on login page
Problem with j_security_check
How to access Errors in Action class .....