What I've got so far: It all begins with an HTML form which prompts the user for a username and password. From there it posts the acquired user/pass to a servlet, GateKeeper. GateKeeper determines if the user/pass combination matches any records in the MySQL database. Here is the SQL I use: SELECT id FROM Users WHERE username='?' AND password=MD5('?') where the ? indicates information provided by the previous HTML form.

What I need now: I need some way to store the username and id of the record in the database. GateKeeper redirects the user to a control panel upon success. Therefore, I need a method to reference the username to display simple greetings, etc., and also the id so it eliminates unnecessary calls to the database. The control panel may make AJAX calls to Servlets that perform some sort of task on the MySQL database.

peter.murray.rust
Robert

1 Answer

Just store the logged-in user in the session.

User user = userDAO.find(username, password);
if (user != null) {
    request.getSession().setAttribute("user", user);
    // Display home page.
} else {
    // Display login form with error message.
}

It's then just available by ${user} in JSP EL.

<p>Welcome back, <c:out value="${user.fullname}" /></p>

Another advantage is that you can just check the presence of the logged-in user in the session to block/allow access to certain pages with the help of a Filter.

By the way, your PreparedStatement SQL is syntactically invalid. It should be without single quotes.

SELECT id FROM Users WHERE username=? AND password=MD5(?)
Community
BalusC