Remember me functionality using cookies

Question

I am trying to implement remember me functionality using JSF 2.0 and not sure how to implement COOKIES to do that. Can you share a working sample code?

score 2 · Accepted Answer · edited May 23 '17 at 12:29

Edit: Do not store password nor username in cookies !

See this post by BalusC for a better implementation.

I believe this might help you:

login.xhtml

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core" 
  xmlns:ui="http://java.sun.com/jsf/facelets" 
  xmlns:a4j="http://richfaces.org/a4j"
  xmlns:rich="http://richfaces.org/rich">

<h:body>
   <h:form id="LoginForm">

<h:panelGrid id="lpg" columns="4" >
<h:outputText value="User Id"/> 
<h:inputText id="username" value="#{loginBean.userId}"/>
<h:outputText value=""/>

<h:outputText value="Password"/> 
<h:inputSecret id="password" value="#{loginBean.password}"/>
<h:outputText value=""/>

<h:outputText value=""/>
<h:outputText value=""/>
<h:outputText value=""/>
<h:outputText value=""/>
<h:selectBooleanCheckbox value="#{loginBean.checkBox}" />
<h:outputText value="Remember me" />
<h:outputText value=""/>
<h:outputText value=""/>
<h:commandButton value="Login" action="#{loginBean.doLogin}"/>

</h:form>
</h:body>

</html>

LoginBean.java

public class LoginBean {


private String userId;
private String password;
private boolean checkBox = false;
private String virtualCheck;

    // Setter and getter

    public LoginBean() {
    isChecked();
}

public void isChecked() {
    FacesContext fc = FacesContext.getCurrentInstance();
    Cookie[] cookiesArr = ((HttpServletRequest)(fc.getExternalContext().getRequest())).getCookies();
    if(cookiesArr != null && cookiesArr.length > 0)
        for(int i =0; i < cookiesArr.length; i++) {
            String cName = cookiesArr[i].getName();
            String cValue= cookiesArr[i].getValue();
            System.out.println("***cValue***"+cValue);
            if(cName.equals("cUserId")) {
                setUserId(cValue);
            } else if(cName.equals("cPassword")) {
                setPassword(cValue);
            } else if(cName.equals("cVirtualCheck")) {
                setVirtualCheck(cValue);
                if(getVirtualCheck().equals("false")) {
                    setCheckBox(false);
                    setUserId(null);
                    setPassword(null);
                } else if(getVirtualCheck().equals("true")) {
                    System.out.println("Here in doLogin() line 99");
                    setCheckBox(true);
                }
            }
        }

}

    public String doLogin() {
        if(userId != null && password!= null){
        FacesContext fc = FacesContext.getCurrentInstance();
        if(checkBox == true) {
            virtualCheck = "true";
            Cookie cUserId = new Cookie("cUserId", userId);
            Cookie cPassword = new Cookie("cPassword", password);
            Cookie cVirtualCheck = new Cookie("cVirtualCheck", virtualCheck);
            cUserId.setMaxAge(3600);
            cPassword.setMaxAge(3600);
            cVirtualCheck.setMaxAge(3600);
            ((HttpServletResponse)(fc.getExternalContext().getResponse())).addCookie(cUserId);
            ((HttpServletResponse)(fc.getExternalContext().getResponse())).addCookie(cPassword);
            ((HttpServletResponse)(fc.getExternalContext().getResponse())).addCookie(cVirtualCheck);
        } else {
            virtualCheck = "false";
            Cookie cVirtualCheck = new Cookie("cVirtualCheck", virtualCheck);
            ((HttpServletResponse)(fc.getExternalContext().getResponse())).addCookie(cVirtualCheck);
        }
                return "success";
    }

NOTE In order to save password browser will prompt to save password or not irrespective of Java Web Technologies and browsers setting and retrieving cookies will play a major role.

I tried and it works. This what I was looking for. Thanks!!! — user3680182, Jun 04 '14 at 10:37
So you're recommending that OP pass the password and username as cookies? Something that anyone with a two thumbs and a browser can view? — kolossus, Jun 04 '14 at 20:54
@kolossus : This piece of code I used for my own website and it worked. I am not sure what's the better way. Please let me know if there is some better way to implement it. I'll be glad to learn it. — dev, Jun 05 '14 at 05:08
@kolossus : Do you have any better suggestion, if so please share it. — user3680182, Jun 06 '14 at 08:13
@user3680182 - take a look at the top answer [here](http://stackoverflow.com/q/244882/1530938). While I don't believe that the username ought to be set in the cookie at all, it's closer to being secure than what we have here. The moral of the story is never, ever, ever, ever set a password in the cookie. Don't do it. This answer doesn't even suggest you hash or encrypt anything. Pretty big security risk — kolossus, Jun 06 '14 at 12:23
Also check [this](http://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477579) out — kolossus, Jun 06 '14 at 12:51

Remember me functionality using cookies

1 Answers1