Java Reference
In-Depth Information
Figure 12-33 displays lines 278 through 325 of the WebStocks servlet code.
Line 291 checks for the existence of a session attribute, userName. If this attribute
does not exist, the user has not yet successfully logged on to the application.
The session object has a method that can determine whether the session is new or
was previously created; however, a user making multiple attempts to log on
will use the same session each time. Using the same session is necessary to be
able to count unsuccessful attempts and limit them to three for a session, as is
done on lines 293 through 297. If this limit is exceeded, the user will have to
establish a new session by closing the browser and reopening it. This discourages
attempts by others to guess at a user ID and password.
[FIGURE 12-33: lines 278 through 325 of the WebStocks servlet code]
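The session check and three-attempt limit described above, as an added example that is not the WebStocks code from Figure 12-33. A Map stands in for the servlet session's attributes; the attribute name attempts, the returned status strings, the sample credential and the body of validUserPswd() are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class LoginAttemptDemo {
    static final int MAX_ATTEMPTS = 3; // limit stated in the text

    // Constructed sample credential; a real store holds salted password hashes.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");

    // Hypothetical body for the method the text names; compares in constant time.
    static boolean validUserPswd(String user, String pswd) {
        String expected = USERS.get(user);
        if (expected == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     pswd.getBytes(StandardCharsets.UTF_8));
    }

    // 'session' stands in for HttpSession getAttribute/setAttribute (assumption).
    static String handleLogin(Map<String, Object> session, String user, String pswd) {
        // A userName attribute means this session has already logged on.
        if (session.get("userName") != null) return "ALREADY_LOGGED_ON";
        // The failure counter lives in the session, so retries must reuse it.
        int attempts = (Integer) session.getOrDefault("attempts", 0);
        if (attempts >= MAX_ATTEMPTS) return "LOCKED_FOR_SESSION";
        if (user != null && pswd != null && validUserPswd(user, pswd)) {
            session.remove("attempts");
            session.put("userName", user); // marks the session as logged on
            return "LOGGED_ON";
        }
        session.put("attempts", attempts + 1);
        return "RETRY";
    }

    public static void main(String[] args) {
        // One session: three wrong passwords, then the right one after the limit.
        Map<String, Object> session = new HashMap<>();
        for (String guess : new String[] {"a", "b", "c", "s3cret"})
            System.out.println(handleLogin(session, "alice", guess));
        // A new session (browser closed and reopened) starts with no counter.
        System.out.println(handleLogin(new HashMap<>(), "alice", "s3cret"));
    }
}
```

Run it with `java LoginAttemptDemo.java` (Java 11 or later). Because the counter is stored in the session, it starts again at zero in a new session, so a limit that must hold across sessions needs a counter kept on the server per user ID.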
If a user ID and password are entered, then a method, validUserPswd(), is
called to check the user password (line 307). If the user ID and password are
valid, the user has successfully logged on and the attribute, userName, is created
 