...

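private String login(HttpServletRequest request, HttpServletResponse response) {
        // Authenticates the submitted username/password, reports problems through the
        // "errors" request attribute and returns the name of the view to dispatch to.
        List<String> errors = new ArrayList<String>();
        request.setAttribute("errors", errors);

        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Basic input validation. getParameter() yields null for a missing field, and the
        // regex test has to be negated: matches() is true for the well-formed (all word
        // character) case, so the unnegated form rejected every valid login and accepted
        // everything else. "+" rather than "*" also refuses the empty string.
        if (username == null || !username.matches("[\\w]+")) errors.add("Incorrect user name format.");
        // NOTE(review): limiting the password to word characters also limits its strength;
        // a length rule is the usual replacement, kept as-is pending the project's policy.
        if (password == null || !password.matches("[\\w]+")) errors.add("Incorrect password format.");

        if (!errors.isEmpty()) return "error.do";

        // An unknown username and a wrong password take the same branch with the same
        // message, so the response does not disclose which accounts exist (lookup() is
        // assumed to return null for an unknown user - confirm against the DAO).
        UserBean dbUser = this.userDAO.lookup(username);
        if (dbUser == null || !dbUser.checkPassword(password)) {
            errors.add("Invalid username or password.");
            return "error.do";
        }

        // The cookie only echoes the username to the client; being client-controlled it
        // must never be read back as proof that the user authenticated.
        Cookie userCookie = new Cookie("user", username);
        userCookie.setHttpOnly(true); // Keep it out of reach of page scripts (Servlet 3.0+)
        response.addCookie(userCookie);

        return "welcome.do";
}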

...

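private String login(HttpServletRequest request, HttpServletResponse response) {
        // Authenticates the submitted username/password, reports problems through the
        // "errors" request attribute, binds the user to a fresh session on success and
        // returns the name of the view to dispatch to.
        List<String> errors = new ArrayList<String>();
        request.setAttribute("errors", errors);

        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Basic input validation. getParameter() yields null for a missing field, and the
        // regex test has to be negated: matches() is true for the well-formed (all word
        // character) case, so the unnegated form rejected every valid login and accepted
        // everything else. "+" rather than "*" also refuses the empty string.
        if (username == null || !username.matches("[\\w]+")) errors.add("Incorrect username format.");
        // NOTE(review): limiting the password to word characters also limits its strength;
        // a length rule is the usual replacement, kept as-is pending the project's policy.
        if (password == null || !password.matches("[\\w]+")) errors.add("Incorrect password format.");

        if (!errors.isEmpty()) return "error.do";

        // An unknown username and a wrong password take the same branch with the same
        // message, so the response does not disclose which accounts exist (lookup() is
        // assumed to return null for an unknown user - confirm against the DAO).
        UserBean dbUser = this.userDAO.lookup(username);
        if (dbUser == null || !dbUser.checkPassword(password)) {
            errors.add("Invalid username or password.");
            return "error.do";
        }

        // Discard the pre-login session and start a new one so that a session id the client
        // already held before authenticating never turns into an authenticated session
        // (session fixation). The "errors" list lives on the request, so it is unaffected.
        HttpSession session = request.getSession();
        session.invalidate();
        session = request.getSession(true);
        // Servlet 3.1+ containers can instead call request.changeSessionId(), which keeps the
        // attributes of the old session; invalidate() + getSession(true) drops them.
        session.setMaxInactiveInterval(2 * 60 * 60); // Idle timeout of two hours, in seconds
        session.setAttribute("user", dbUser); // Server-side record of the authenticated user

        return "welcome.do";
}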

...