noob j_security_check question.

1. to login, i use j_security_check... but what a bout logout?
2. If i wanted to keep track on which user login at what time, how do i insert the code in j_security_check so that it will do so?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Oddly, logout doesn't really have a definition.

What we do is clear all the session attributes, clear the cookies, and destroy the session.  It has the desired effect.

You can't insert code into j_security_check -- it's entirely internal to Tomcat and has no public interface.

What you have to do is add code to your login handling to set data in a database, or sessions, or wherever you keep data, to keep track of your users.  We log it to a database, for example.

InNoCenT_Ch1ldAuthor Commented:
but if i define the action to be the j_security_check already, where am i suppose to add my code to?
You post to j_security_check, you never see the actual j_security_check code itself.

In your web.xml, you define the name of the page for login, and for an error in login.  The login page is just the presentation of the username/password form to the user, which is in a special location in your webapp (jsp/security/protected).   You can create cookies there, if that helps your app.

This page has a simple walk-through of how to set up form-based authentication in Tomcat:

This is a more complex discussion of it:

This one is a little easier to follow and has a nice diagram of the typical web app page setup with Tomcat login, a login page, and the login-protected web-app pages:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

InNoCenT_Ch1ldAuthor Commented:
You're welcome.

This is an area everyone has to work through, and there are a few different ways to use the login feature from Tomcat.  Post another question back on EE if you get stuck again.

Good luck!
InNoCenT_Ch1ldAuthor Commented:
i'm using jdbcrealm with digest.. but i cant get it to work. if you know how, let me know, i will open a question.
I haven't used it, but I've used login with Tomcat a lot, and I'm sure there are other people at EE with specific jdbc realm and digested password experience.  So sure, post the question.

When you do, it would help a lot if you posted the jdbc realm definition in your server.xml, the security parts of your web.xml, the login code you're trying to make work, and the error message you're getting.  Obfuscate any parts of the code you need to -- although I don't think that any of this should be an issue, unless IP addresses are involved somewhere.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.