subject:"stay logged in\/session expiration time"

stay logged in/session expiration time

2007-09-10 Thread Zsolt Süli


Hi!

I'd like to write a signIn page, that let me STAY LOGGED IN (/always
signed in/etc.). This way the session won't be closed when I close the
browser. The only way to invalidate the session is to log out (or many
days have to pass). I think I should use session cookies, and I should
set the expiration time somehow. And that's the question ... how?

Thx in advance,
ZsZso


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: stay logged in/session expiration time

2007-09-10 Thread Igor Vaynberg

in web.xml

-igor


On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote:

 Hi!

 I'd like to write a signIn page, that let me STAY LOGGED IN (/always
 signed in/etc.). This way the session won't be closed when I close the
 browser. The only way to invalidate the session is to log out (or many
 days have to pass). I think I should use session cookies, and I should
 set the expiration time somehow. And that's the question ... how?

 Thx in advance,
 ZsZso


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

Re: stay logged in/session expiration time

2007-09-10 Thread Igor Vaynberg

webapps arent really designed to do this, you will have to write the
appropriate hooks for your servlet container. eg your own sessionmanager for
tomcat, etc.

-igor


On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote:

 Yeah, but I want to change dynamically. Say Joe wants to stay logged in,
 so he set the STAY LOGGED IN checkbox on, but Lilly doesn't like these
 things, so she just let it go, and the checkbox stays off. So web.xml is
 a good solution, and thanks for that. My mistake, I wasn't too precise
 at my last letter. Maybe the more accurate question sounds like this:
 how can I change the sessions expiration time during runtime?

 ZsZso

 Igor Vaynberg wrote:
  in web.xml
 
  -igor
 
 
  On 9/10/07, Zsolt Süli [EMAIL PROTECTED] wrote:
 
  Hi!
 
  I'd like to write a signIn page, that let me STAY LOGGED IN (/always
  signed in/etc.). This way the session won't be closed when I close the
  browser. The only way to invalidate the session is to log out (or many
  days have to pass). I think I should use session cookies, and I should
  set the expiration time somehow. And that's the question ... how?
 
  Thx in advance,
  ZsZso
 
 
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 
 


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

Re: stay logged in/session expiration time

2007-09-10 Thread John Ray


I think what you are looking for are the following steps

1) When a user first comes to the site check if they have a cookie from a
prior visit and automatically log them in.
2) If they don't have a cookie then redirect them to the login page
3) As they log in set a cookie on their browser so the next time they visit
they will be automatically logged in during step 1 above. The cookie will
need to contain the the user name and password to authenticate them. It
would probably be best for added security to do a one way hash (such as SHA)
on the password though and not store the actually password in the cookie. 

To do steps 1 and 2 you need your own AuthorizationStrategy for your
application. Look at the wicket example to do this

http://wicketstuff.org/wicket13/signin/

Don't forget there is a link to view the source code in the top right of the
page. You need to modify the AuthorizationStrategy to something like this

public class MyAuthorizationStrategy implements IAuthorizationStrategy {

  public boolean isInstantiationAuthorized(Class componentClass) {
if (AuthenticatedWebPage.class.isAssignableFrom(componentClass)) {
  // Is user signed in?
  if (((SignInSession)Session.get()).isSignedIn()) {
// okay to proceed
return true;
}

// Look at cookies to determine if the user should be logged in
automatically
Cookie[] cookies = ((WebRequest)
RequestCycle.get().getRequest()).getCookies();
... iterate through each cookie for our magic login cookie
... If a cookie is found then log the user in

// Redirect user to login page if there was no cookie
throw new RestartResponseAtInterceptPageException(SignIn.class);
  }

  ...
}

For step 3 you'll need to modify the onSubmit() method in the login page so
that it sets a cookie on the browser when the user is logged in. 

  Cookie loginCookie = new Cookie(...);
  ... Also set the cookie MaxAge so that the browser will remeber it even if
the browser is closed
  getWebRequestCycle().getWebResponse().addCookie(loginCookie);

The Cookies are just standard J2EE cookies from the servlet API so look at
the J2EE docs for more info on them.
-- 
View this message in context: 
http://www.nabble.com/stay-logged-in-session-expiration-time-tf4416611.html#a12600257
Sent from the Wicket - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

stay logged in/session expiration time

Re: stay logged in/session expiration time

Re: stay logged in/session expiration time

Re: stay logged in/session expiration time

4 matches

Site Navigation

Mail list logo

Footer information