• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

Auto Login

 
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In some sites like javaranch.com itself, you dont have to login everytime. After the user logon for the first time, a cookie will be created in the client storing the login information so that the user is automatically login we he returns. Let not focus on how secure this kind of cookie initiated login is (well, afterall who would hack your password in order to post a message in bulletin board). I would like to know how we could do this if the appli is using form-based authentication.

Recall that when we do form-based authentication, these steps are involved normally:

1. User requests a constrained resource.

2. Container sees the constrained resource and returns the login form and somehow enter a mode expecting the 'j_security_check' URL.

3. User submits the login form which looks like <form action=j_security_check> with 'j_username' and 'j_password' parameters.

The important point is in step 2, the container AUTOMATICALLY enters a mode accepting the j_security_check URL as special request for login - rather than normal URL. This step is important because if we directly submit a form with 'j_security_check' while the container is not expecting it, it is treated as a normal URL.

This comes to a problem, if I want my cookie (perhaps storing username & password) to trigger auto login, how can I cause the container to accept j_security_check to mean login attempt.
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why are you starting a new thread? For those coming in late, the original is here. If this creates duplicate conversations I will probably have to close one
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't norrmally use that much JavaScript, but you may be able to store the username/password in the cookie a, then when the user visits again, add more JS to detect the cookie, extract the values, insert into the fields and autosubmit the form. It won't happen automatically, but it should be fast enough.
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I didn't explain clearly what I was trying to do in my previous thread. Just want to add more explanation here.
 
Don't MAKE me come back there with this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic