Login feature for Tomcat webapp

I have developed simple website using Tomcat and Java. Now I'm trying to add authentication to it. I am storing username and encrypted password in database.

How do I validate user on every request to website? While doing my research I found out that I need to set some cookie, return it to browser if user is authenticated, and then validate it request by checking this cookie in every request I get from user.

Also, how do I manage the session, i.e. create new session for user upon authentication, set timeout, clear session and cookie upon logout?

Web development and particularly authentication/user management is very new to me, so I will appreciate your help.



This will depend a lot upon the language you are using to develop the website and how you plan to handle sessions.

PHP Sessions Java (JSP) Sessions ASP.NET Sessions ASP Sessions ...etc

the list goes on, especially with how to manage authenticating.

The general (pseudo code) for this usually revolves around something of this nature

Depending on the language of course:

  1. User Creates Account (typically an HTML form posting to your server side code)
  2. Account Information Is Stored to the database
  3. Cookie is created with information allowing user to auth in the future (with cookie duration)
  4. Session is created for the duration of the users login
    • User leaves the website
    • User comes back to the website
  5. Website checks for stored cookie
  6. if Cookie is found - check cookie, is the auth still good? (did the users password change recently? has the cookie expired)
  7. If the cookie is good - create a new session and allow the user into the website
  8. If the cookie is bad - present the user with a login form

Rinse/repeat as the user logs in and out.

Depending on your language you will want to look at different resources, however cookie generation is a pretty simple task and can be easily done with JavaScript and HTML. Take a look at http://www.w3schools.com/js/js_cookies.asp and see if it meets your needs. Note that from what I recall JavaScript only does Cookies, and not sessions.

Need Your Help

Casting Object To Type Of DataColumn

c# casting datatable

I am making extensive use of dictionaries to decouple some (highly coupled) code. Here are the relevant ones for my question:

How do I remove my app from the task switcher on Windows Phone?

c# xaml windows-runtime windows-phone-8.1 win-universal-app

I have a universal Windows Phone app (started from the Blank App template) consisting of a MainPage and three secondary pages. Navigation among these is working as expected (thanks to, in part, thi...

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.