stay logged in/session expiration time
Hi! I'd like to write a signIn page, that let me STAY LOGGED IN (/always signed in/etc.). This way the session won't be closed when I close the browser. The only way to invalidate the session is to log out (or many days have to pass). I think I should use session cookies, and I should set the expiration time somehow. And that's the question ... how? Thx in advance, ZsZso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: stay logged in/session expiration time
in web.xml -igor On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote: Hi! I'd like to write a signIn page, that let me STAY LOGGED IN (/always signed in/etc.). This way the session won't be closed when I close the browser. The only way to invalidate the session is to log out (or many days have to pass). I think I should use session cookies, and I should set the expiration time somehow. And that's the question ... how? Thx in advance, ZsZso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: stay logged in/session expiration time
webapps arent really designed to do this, you will have to write the appropriate hooks for your servlet container. eg your own sessionmanager for tomcat, etc. -igor On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote: Yeah, but I want to change dynamically. Say Joe wants to stay logged in, so he set the STAY LOGGED IN checkbox on, but Lilly doesn't like these things, so she just let it go, and the checkbox stays off. So web.xml is a good solution, and thanks for that. My mistake, I wasn't too precise at my last letter. Maybe the more accurate question sounds like this: how can I change the sessions expiration time during runtime? ZsZso Igor Vaynberg wrote: in web.xml -igor On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote: Hi! I'd like to write a signIn page, that let me STAY LOGGED IN (/always signed in/etc.). This way the session won't be closed when I close the browser. The only way to invalidate the session is to log out (or many days have to pass). I think I should use session cookies, and I should set the expiration time somehow. And that's the question ... how? Thx in advance, ZsZso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: stay logged in/session expiration time
I think what you are looking for are the following steps 1) When a user first comes to the site check if they have a cookie from a prior visit and automatically log them in. 2) If they don't have a cookie then redirect them to the login page 3) As they log in set a cookie on their browser so the next time they visit they will be automatically logged in during step 1 above. The cookie will need to contain the the user name and password to authenticate them. It would probably be best for added security to do a one way hash (such as SHA) on the password though and not store the actually password in the cookie. To do steps 1 and 2 you need your own AuthorizationStrategy for your application. Look at the wicket example to do this http://wicketstuff.org/wicket13/signin/ Don't forget there is a link to view the source code in the top right of the page. You need to modify the AuthorizationStrategy to something like this public class MyAuthorizationStrategy implements IAuthorizationStrategy { public boolean isInstantiationAuthorized(Class componentClass) { if (AuthenticatedWebPage.class.isAssignableFrom(componentClass)) { // Is user signed in? if (((SignInSession)Session.get()).isSignedIn()) { // okay to proceed return true; } // Look at cookies to determine if the user should be logged in automatically Cookie[] cookies = ((WebRequest) RequestCycle.get().getRequest()).getCookies(); ... iterate through each cookie for our magic login cookie ... If a cookie is found then log the user in // Redirect user to login page if there was no cookie throw new RestartResponseAtInterceptPageException(SignIn.class); } ... } For step 3 you'll need to modify the onSubmit() method in the login page so that it sets a cookie on the browser when the user is logged in. Cookie loginCookie = new Cookie(...); ... Also set the cookie MaxAge so that the browser will remeber it even if the browser is closed getWebRequestCycle().getWebResponse().addCookie(loginCookie); The Cookies are just standard J2EE cookies from the servlet API so look at the J2EE docs for more info on them. -- View this message in context: http://www.nabble.com/stay-logged-in-session-expiration-time-tf4416611.html#a12600257 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]