Login feature for Tomcat webapp
I have developed simple website using Tomcat and Java. Now I'm trying to add authentication to it. I am storing username and encrypted password in database.
How do I validate user on every request to website? While doing my research I found out that I need to set some cookie, return it to browser if user is authenticated, and then validate it request by checking this cookie in every request I get from user.
Also, how do I manage the session, i.e. create new session for user upon authentication, set timeout, clear session and cookie upon logout?
Web development and particularly authentication/user management is very new to me, so I will appreciate your help.
This will depend a lot upon the language you are using to develop the website and how you plan to handle sessions.
PHP Sessions Java (JSP) Sessions ASP.NET Sessions ASP Sessions ...etc
the list goes on, especially with how to manage authenticating.
The general (pseudo code) for this usually revolves around something of this nature
Depending on the language of course:
- User Creates Account (typically an HTML form posting to your server side code)
- Account Information Is Stored to the database
- Cookie is created with information allowing user to auth in the future (with cookie duration)
- Session is created for the duration of the users login
- User leaves the website
- User comes back to the website
- Website checks for stored cookie
- if Cookie is found - check cookie, is the auth still good? (did the users password change recently? has the cookie expired)
- If the cookie is good - create a new session and allow the user into the website
- If the cookie is bad - present the user with a login form
Rinse/repeat as the user logs in and out.