Assignment 9 - Login Lab¶
The goal of this lab is to use cookies and sessions to run the basics of managing login and logout. If we had just a bit more time we’d create a full system. But even with this short assignment, you can learn a lot of what you need.
Login Lab Steps¶
- Start with the Session demo page. See session_demo.html.
- This is going to be our login page, so let’s name it that way.
Rename the file from
session_demo.html
, tologin.html
. - Create a JavaScript page. See session_demo.js as it can be a good
starting template for our page.
But instead of
session_demo.js
call itlogin.js
. Make sure you update the HTML document from step 1 to import this file. - Create a
GetLoginServlet
class in Java. Pattern it off the GetSessionServlet. - Update the servlet name and the URL link. A URL such as
get_login_servlet
would be good. - Create a
LoginServlet
class in Java. Use the code out of SetSessionServlet to start. - Map the
LoginServlet
to a URL oflogin_servlet
and make sure the servlet has a unique name. - Create a
LogoutServlet
class in Java. Use the code out of InvalidateSessionServlet to start. - Map the
LogoutServlet
to a URL oflogout_servlet
and make sure the servlet has a unique name. - Update the JavaScript file to use these new names. Use
login
instead ofsetSessionJava
andgetLogin
instead ofgetSessionJava
. Update button names to something that matches as well. - After all this copying and renaming, get things up and running so you can set session variables like the demo.
- Don’t allow the user to select the session key. Delete the field from the
HTML. Rename the field so it is
loginId
rather thansessionValue
. Update the JavaScript to just send the login id. Update the servlet to just take the login id. Always useloginId
in your Java file as the session key. (For some reason people find this more difficult than it is. Instead ofsessionKey
use"loginId"
. Don’t use a variable, use a string.) Test to make sure it works.
- “Rebrand” the “Clear session” section so that it instead looks like a “Logout”.
- “Rebrand” the Get Session section so that it shows who you are logged in as.
If you are logged in.
Update the servlet too. You can simplify it a lot by just doing something
like
String loginId = (String)session.getAttribute("loginId");
- Automatically call the ‘get session’ part on page load. At the end of your
login.js
script, just call the function. - Automatically call the ‘get session’ part when the user logs in.
- Automatically call the ‘get session’ part when the user logs out.
- Hide the logout section if the user isn’t logged in. To do this at the end of your
get session function, check the result and see if you should show or hide
the logout section. Note that the info you get back from the servlet will
be a string. If it returns a
null
then it will be a string"null"
not the valuenull
. Also, the string may have extra carriage returns and/or spaces so you really get backnull[space][cr]
. You might need to trim the string.