I do a similar thing with servlets. I wrote a servlet class called ProtectedResource. When it's accessed, it retrieves the current servlet session. Unless a value has been set in the current session, it redirects the user to a logon page. The login page takes the login and password, checks against the db, and if ok sets a value in the session. When redirecting from the ProtectedResource I store the required page, so that after a successful login you get redirected. To make this secure, all I have to do now is get Tomcat working with SSL....
 
I don't know how JSP works, so I'm not sure how easily this would translate. The code I got was from the Servlet Programming book from O'Reilly. Perhaps you could wrap all protected .jsp pages in a servlet? If authorised it goes straight to the page, for example.
 
sam
----- Original Message -----
From: Ryan
Sent: Tuesday, March 06, 2001 3:24 AM
Subject: plain text login

To make things easier, I want to make a plain text login page called login.jsp that contains a form with fields to enter username and password. Then I will submit the info to a verify page (verify.jsp) that checks to see if the username and password combination matches that which is stored in a MySQL database.
 
I was wondering how to keep only valid users from being able to access verify.jsp, meaning not just anyone could login into http://localhost/verify.jsp. Would a session variable be the best way to do this? Where I would store the IP of the client and a special generated ID that would be saved in the session object and appended to the url.
 
Does this sound like a reasonable way of approaching the problem? If so, I don't see the specs for a 'Session' object and how do I obtain the IP of the client?
 
 
thanx
-ryan
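
The session check and post-login redirect described in the reply above, as an added example that is not code from either message or from the O'Reilly book. It assumes the javax.servlet API; the attribute names, the /WEB-INF path, the form field names and the abstract checkCredentials method (standing in for the database lookup) are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class ProtectedResource extends HttpServlet {
    static final String USER = "auth.user";     // set only after a successful login
    static final String TARGET = "auth.target"; // page requested before login

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false); // do not create one just to look
        if (session == null || session.getAttribute(USER) == null) {
            // Keep the requested page in the session, so the post-login
            // redirect is never taken from a parameter of the login form.
            String q = req.getQueryString();
            req.getSession(true).setAttribute(TARGET,
                    req.getRequestURI() + (q == null ? "" : "?" + q));
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        // Authorised: forward to the page. JSPs under /WEB-INF cannot be
        // requested directly, only reached through a forward like this one.
        req.getRequestDispatcher("/WEB-INF/protected/page.jsp").forward(req, resp);
    }

    // Target of the login.jsp form; subclass it to supply the database check.
    public abstract static class Login extends HttpServlet {
        protected abstract boolean checkCredentials(String user, String password);

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            String user = req.getParameter("username");
            if (user == null || !checkCredentials(user, req.getParameter("password"))) {
                resp.sendRedirect(req.getContextPath() + "/login.jsp");
                return;
            }
            HttpSession old = req.getSession(false);
            String target = old == null ? null : (String) old.getAttribute(TARGET);
            if (old != null) {
                old.invalidate(); // new session id after login (session fixation)
            }
            req.getSession(true).setAttribute(USER, user);
            resp.sendRedirect(target != null ? target : req.getContextPath() + "/");
        }
    }
}
```

The session id travels in a cookie by default, so the same check works on every protected page without appending an ID to the URL.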
