I would like to learn a technique to keep track of the number of login attempts by a user using session variables. If the user exceeds the maximum login attempts, then the account is suspended.
Created May 4, 2012
Serge Knystautas
This is pretty easy to accomplish by simply storing an Integer object in the HttpSession object. Here's some sample code for the login processing code...
<%
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    if (loginValid(username, password)) {
        // Continue with a successful login
        return;
    } else {
        // Check whether we've exceeded the count and possibly update
        Integer counter = (Integer) session.getAttribute("invalid_login_counter");
        if (counter == null) {
            // First failed attempt in this session
            counter = Integer.valueOf(1);
        } else if (counter.intValue() > 3) {
            // Block the account
            return;
        } else {
            counter = Integer.valueOf(counter.intValue() + 1);
        }
        session.setAttribute("invalid_login_counter", counter);
    }
%>
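
A counter stored in the HttpSession lasts only as long as that session, so suspending the account itself, as the question asks, needs a count keyed by username on the server. The class below is an added example, not code from the original answer: `LoginAttemptTracker`, its method names, the limit of 3 failures and the 15-minute suspension are all hypothetical choices. It assumes Java 8 or later and a single JVM; a deployment with several servers would keep the same state in a shared store.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: counts failed logins per account rather than per session.
public class LoginAttemptTracker {
    private static final class State {
        final int failures;
        final Instant lockedUntil; // null while the account is not suspended
        State(int failures, Instant lockedUntil) { this.failures = failures; this.lockedUntil = lockedUntil; }
    }
    private final ConcurrentHashMap<String, State> states = new ConcurrentHashMap<>();
    private final int maxFailures;
    private final Duration lockTime;
    public LoginAttemptTracker(int maxFailures, Duration lockTime) {
        this.maxFailures = maxFailures;
        this.lockTime = lockTime;
    }
    // Normalise the name so "Alice" and "alice " share one counter.
    private static String key(String username) {
        return username == null ? "" : username.trim().toLowerCase(Locale.ROOT);
    }
    // True while the account is suspended; call this before checking the password.
    public boolean isLocked(String username, Instant now) {
        State s = states.get(key(username));
        return s != null && s.lockedUntil != null && now.isBefore(s.lockedUntil);
    }
    // Records one failed login and returns true if the account is now suspended.
    public boolean recordFailure(String username, Instant now) {
        State s = states.compute(key(username), (k, old) -> {
            boolean locked = old != null && old.lockedUntil != null;
            if (locked && now.isBefore(old.lockedUntil)) return old; // still suspended: leave unchanged
            int failures = (old == null || locked) ? 1 : old.failures + 1; // an expired lock restarts the count
            return new State(failures, failures >= maxFailures ? now.plus(lockTime) : null);
        });
        return s.lockedUntil != null;
    }

    // Clears the counter after a successful login.
    public void recordSuccess(String username) { states.remove(key(username)); }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker(3, Duration.ofMinutes(15));
        Instant now = Instant.parse("2012-05-04T10:00:00Z"); // constructed sample time
        for (int i = 1; i <= 3; i++)
            System.out.println("failure " + i + " suspended=" + t.recordFailure("Alice", now));
        System.out.println("1 minute later: " + t.isLocked("alice", now.plusSeconds(60)));
        System.out.println("1 hour later:   " + t.isLocked("alice", now.plusSeconds(3600)));
    }
}
```

In the login page, one shared instance (for example an application-scope attribute) would be consulted with `isLocked` before `loginValid`, then updated with `recordFailure` or `recordSuccess` depending on the result.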