Implementation of Login and Logout using cookies
Here, we will implement login and logout with cookies using servlets.
Before diving deep, let us first look at what a servlet is and what its benefits are.
“Servlets are the Java programs that run on the Java-enabled web server or application server. They are used to handle the request obtained from the web server, process the request, produce the response, and then send response back to the web server.”
Pretty straightforward. Now let's have a look at its benefits.
Benefits of Servlet:-
Servlets have many advantages over CGI. The web container creates threads to handle multiple requests to the servlet. Threads have many benefits over processes: they share a common memory area, they are lightweight, and the cost of communication between threads is low. The advantages of servlets are as follows:
· Better performance: because it creates a thread for each request, not a process.
· Portability: because it uses the Java language.
· Robust: the JVM manages servlets, so we don’t need to worry about memory leaks, garbage collection, etc.
· Secure: because it uses the Java language.
Alright, let's have a look at cookies:-
“An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data stored on the user’s computer by the web browser while browsing a website.”
Cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user’s web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie’s data to be read by a hacker, used to gain access to user data, or used to gain access (with the user’s credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).
Setting up our project
What do we need for our setup?
Nothing more than these two:-
o Eclipse IDE (Eclipse IDE for Enterprise Java Developers)
o Apache Tomcat (for setting and starting up server)
Steps to create new project:-
1. Open Eclipse IDE.
2. Click on File -> New -> Dynamic Web Project. The following dialog box will appear.
3. We enter “login” (changeable) as our project name and select Apache Tomcat as our runtime.
4. Leaving all other settings at their defaults and clicking on Finish, we are ready with our project setup.
Folder Structure and files to edit:-
o Our project needs some Java files (for the servlets), the web pages that will be served, and an XML file for servlet mapping and other information.
o In Eclipse, we will store our Java files in a package in the directory “Java Resources/src”, which here is named com.divyalogin.
o Our web pages will be stored in a WebContent folder and web.xml in WebContent/WEB-INF folder.
o After doing this, we will get our project directory something like this:-
Done with the setup part, we will proceed to coding:-
Web Part (HTML and CSS)
1. index.html:- Homepage
2. login.html:- Login Page
3. lock.html:-
HTML to be sent when the user checks his vault and he is not authenticated.
4. open.html:-
HTML to be sent when the user checks his vault and he is authenticated.
5. style.css:-
Styling of HTML pages
Done with HTML and CSS, now we will create our servlets:-
1. LoginServlet.java:-
This checks the login details and marks the user as authenticated accordingly.
2. LogoutServlet.java:-
This logs the user out, provided he was authenticated earlier.
3. VaultServlet.java:-
This checks the authentication and returns the corresponding HTML (open.html for authenticated and close.html for unauthenticated).
4. web.xml:-
For Servlet mappings
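The servlet sources do not appear in the text of this page, so the following is an added example, not the author's code: a helper the three servlets could share that puts only a random token in the cookie and keeps the login state on the server, so that a hand-edited cookie cannot open the vault. The class name AuthCookies, the package, the cookie name "auth" and the 15-minute lifetime are assumptions; it uses the javax.servlet API (Tomcat 9 and earlier; Tomcat 10+ renames the package to jakarta.servlet).

```java
package com.example.login; // assumed package name, not the tutorial's
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;
/** Hypothetical helper for the login, vault and logout servlets. */
public final class AuthCookies {
    private static final String NAME = "auth";      // assumed cookie name
    private static final int TTL_SECONDS = 15 * 60; // assumed session lifetime
    private static final SecureRandom RNG = new SecureRandom();
    // token -> expiry (epoch ms); kept in server memory, never in the cookie
    private static final Map<String, Long> SESSIONS = new ConcurrentHashMap<>();
    /** Login: call only after the username/password check has succeeded. */
    public static void issue(HttpServletRequest req, HttpServletResponse resp) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw); // 256 random bits, so the token cannot be guessed
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(token, System.currentTimeMillis() + TTL_SECONDS * 1000L);
        resp.addCookie(build(req, token, TTL_SECONDS));
    }
    /** Vault: true only for a token this server issued and has not expired. */
    public static boolean isAuthenticated(HttpServletRequest req) {
        String token = find(req);
        if (token == null) return false;
        SESSIONS.values().removeIf(exp -> exp < System.currentTimeMillis());
        return SESSIONS.containsKey(token);
    }
    /** Logout: forget the token server-side, then expire the browser's copy. */
    public static void revoke(HttpServletRequest req, HttpServletResponse resp) {
        String token = find(req);
        if (token != null) SESSIONS.remove(token);
        resp.addCookie(build(req, "", 0)); // Max-Age=0 deletes the cookie
    }
    private static String find(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies(); // null when the request has no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) if (NAME.equals(c.getName())) return c.getValue();
        return null;
    }
    private static Cookie build(HttpServletRequest req, String value, int maxAge) {
        Cookie c = new Cookie(NAME, value);
        c.setHttpOnly(true);         // not readable from page scripts
        c.setSecure(req.isSecure()); // Secure flag whenever the request is HTTPS
        c.setPath(req.getContextPath() + "/"); // same path for set and delete
        c.setMaxAge(maxAge);
        return c;
    }
}
```

Because the server forgets the token on logout and on expiry, a copy of the cookie saved from the browser's developer tools stops working at the same moment.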
Exploring our Project in web browser
Done with all the coding, now it's time to see our code running:-
To run the project in the Eclipse IDE, we follow these steps:-
1. Select your project by clicking on its directory name in the Projects panel.
2. Click on Run -> Run as -> Run on Server.
3. Here, we will select Tomcat server, then click on next.
4. Here, our project will already be listed as configured; if it is not, we can add it by clicking on the button.
5. Click on Finish.
Our project will now be served on the localhost server on the defined port (8080 by default).
1. Open any web browser and go to the URL http://localhost:8080/login.
We can see our homepage (index.html) is served.
2. We can check the current status of the vault by clicking on “Check your vault” button. We can see it shows vault in locked state.
3. Click on return to home and then click on the “Log In” button. Here we will enter our username (divyaprakash) and password (rangerx) to open our vault; if we enter incorrect credentials, we are prompted to enter the correct ones.
4. After providing the right credentials, we are served the page in which the vault is open. We can also verify the creation of cookies using developer tools.
5. The vault will stay open until we close the vault or log out, which we can verify by returning to home and again checking the current vault state.
6. Now, if we log out or close our vault, the vault state changes to closed until we log in again. This can also be verified by inspecting again: this time, there is no cookie present.
7. As all our steps are complete, we can switch off our server by navigating to Window -> Show View -> Servers. Here, right-click on the running server and click on Stop.