2

I'm using Struts 2 in my web application. My client is asking me to implement "Remember Me" feature, so that he doesn't have to login again. This is what I think should be done:

  1. I should create a cookie with some user-specific key and store the same in database on user login if "Remember me" option is checked.
  2. I should write an interceptor, that takes out cookies from the request, checks the key against the database and if found and not expired (7 days), it puts the corresponding user in session.

Is there any other, more effective & easy & better, performance-wise method?

Anders R. Bystrup
  • 15,729
  • 10
  • 59
  • 55
coding_idiot
  • 13,526
  • 10
  • 65
  • 116
  • Why you are storing cookie in database? Set the max-age of cookie to 7 days. check for expiry date of cookie.. if valid, loggedin the user.. – Shashi Jan 02 '13 at 12:55
  • This is easy but not clear (may be incomplete) description, OP is looking for some other solutions. – Roman C Jan 02 '13 at 13:21
  • 1
    You could use spring-security which has this feature. – Aleksandr M Jan 02 '13 at 13:38
  • @ShashiBhushan What would you validate the cookie against if you're not storing the key on the server? – fgb Jan 02 '13 at 14:31
  • @fgb Whether the requirement is to having unique key for every user.. Then you are right.. Otherwise there is no need of database for cookies. – Shashi Jan 03 '13 at 06:25
  • @XCoder "checks the key against the database". Whether This is typo mistake that you want to check "value" for a key – Shashi Jan 03 '13 at 06:27
  • thanks everyone for your suggestions. Let me explain in more detail : I'll store the remember_me token in the database and pass it as a cookie to user's browser. Then on incoming request, I'll get the cookie, check it against the database and login the corresponding user. – coding_idiot Jan 03 '13 at 11:08

1 Answers1

2

Your approach is correct and this link will help you to implement it in a more effective way :)

Community
  • 1
  • 1
DarkHorse
  • 2,740
  • 19
  • 28