I would like to learn a technique to keep track the number of login attempts by a user using session variables. If the user exceed the maximum login attempts, then the account is suspended.

Created May 4, 2012

Serge Knystautas

This is pretty easy to accomplish by simply storing an Integer object in the HttpSession object. Here's some sample code for the login processing code...

<%
String username = request.getParameter("username");
String password = request.getParameter("password");
if (loginValid(username, password)) {
  //Continue with a successful login

  return;
} else {
  //Check whether we've exceed the count and possibly update
  Integer counter = (Integer)session.getAttribute("invalid_login_counter");
  if (counter == null) {
    counter = new Integer(1);
  } else if (counter.intValue() > 3) {
    //Block the account
    return;
  } else {
    counter = new Integer(counter.intValue() + 1);
  }
  session.setAttribute("invalid_login_counter", counter);
}
%>

I would like to learn a technique to keep track the number of login attempts by a user using session variables. If the user exceed the maximum login attempts, then the account is suspended.

Most Popular jGuru Stories