I would like to learn a technique to keep track of the number of login attempts by a user using session variables. If the user exceeds the maximum login attempts, then the account is suspended.

Serge Knystautas

This is pretty easy to accomplish by simply storing an Integer object in the HttpSession object. Here's some sample code for the login processing code...

String username = request.getParameter("username");
String password = request.getParameter("password");
if (loginValid(username, password)) {
  //Continue with a successful login

} else {
  //Check whether we've exceeded the count and possibly update
  Integer counter = (Integer)session.getAttribute("invalid_login_counter");
  if (counter == null) {
    //First failed attempt in this session
    counter = Integer.valueOf(1);
  } else if (counter.intValue() > 3) {
    //Block the account
  } else {
    counter = Integer.valueOf(counter.intValue() + 1);
  }
  //Store the updated count back in the session
  session.setAttribute("invalid_login_counter", counter);
}
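
A counter stored in the HttpSession starts again from zero whenever the client begins a new session, so suspending the account itself needs a count keyed by username on the server. The following is an added example, not part of the original answer; the class name LoginAttemptTracker, the limit of 3 and the in-memory map are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical helper (not from the original answer): counts failed logins
// per username on the server, independent of any HttpSession.
public class LoginAttemptTracker {
    private static final int MAX_ATTEMPTS = 3; // assumed limit

    private final ConcurrentHashMap<String, AtomicInteger> failures =
            new ConcurrentHashMap<>();

    /** True once the account has reached the failure limit. */
    public boolean isBlocked(String username) {
        AtomicInteger count = failures.get(normalize(username));
        return count != null && count.get() >= MAX_ATTEMPTS;
    }

    /** Record one failed login; returns true if the account is now blocked. */
    public boolean recordFailure(String username) {
        int n = failures
                .computeIfAbsent(normalize(username), k -> new AtomicInteger())
                .incrementAndGet();
        return n >= MAX_ATTEMPTS;
    }

    /** Clear the counter after a successful login. */
    public void recordSuccess(String username) {
        failures.remove(normalize(username));
    }

    // Treat "Alice" and " alice " as the same account.
    private static String normalize(String username) {
        return username == null ? "" : username.trim().toLowerCase(Locale.ROOT);
    }

    // Constructed demo: every attempt counts against the same user,
    // no matter which session it arrives in.
    public static void main(String[] args) {
        LoginAttemptTracker tracker = new LoginAttemptTracker();
        String user = "alice"; // constructed sample username
        for (int i = 1; i <= 4; i++) {
            if (tracker.isBlocked(user)) {
                System.out.println("attempt " + i + ": rejected, account blocked");
                continue;
            }
            boolean nowBlocked = tracker.recordFailure(user); // simulated wrong password
            System.out.println("attempt " + i + ": failed, blocked=" + nowBlocked);
        }
    }
}
```

In a deployed application the count would normally live alongside the user record so that it survives restarts and is shared across servers; the in-memory map here only keeps the example self-contained.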