JSP Login

Similar Messages

• Servlet Jsp Login Problen

  Consider 4 pages
  default.jsp          -          Default page     -     Provides link to update.jsp
  Update.jsp          -          Update Page          -     User came through default page
  login.jsp          -          Displays html      -     Two Input tags user & pass
  check Servlet     -          Authentication     -     Validates userid & pwd from database
  what I want to do ?
  1     User clicks on update link on default page
  2     update checks for session as
            String user = (String) session.getAttribute("user");
            if( user == null )                    
                 response.sendRedirect("/login.jsp");
  3     Now login.jsp displays the HTML form with action = /servlet/check          
  4     check servlet revceives values user & pass from HTML response & validates through
       database
  5     Now if validation succedes it must redirect to the actual page that user had
       requested for ultimately i.e update.jsp
  6 HOW MANY WAYS I CAN DO THIS
  7      Problem becomes more serious when along with login & check other intermediate
       servlets are also there.
  8     The final problem is
       1     Update.jsp receives request data from some HTML form but checks for user
            from session object.
       2     If found null redirect to login page
       3     The above prob. now repeats but the point is after authentication
            the check servlet not only redirects to the actual requested page but
            also supplies the data that update.jsp has received
  Please reply soon

  Thanx Sir!
  But i want to have a more generic solution
  like using <jsp:fordward> & <jsp:param> etc
  but i want it so generic that it can be done in ASP/ JSP
  preferably without using queryString
  And the main point is this problen
  request.setAttribute() is not working
  I am uploading the code
  CODE:
  default.jsp     Update
  update.jsp     String user = (String) session.getAttribute("user");
            if( user == null )     {
                 String look_for = request.getRequestURI();
                 request.setAttribute("look_for",look_for);
                 response.sendRedirect("/login.jsp");
  login.jsp     String req = null;
            req = (String)request.getAttribute("req");
            //out.print(req); --> Error Printing null
            request.setAttribute("req", req);
            <form----
            >
            response.sendRidirect("/servlet/check");
  check     
       String user = null;
  String look_for = (String)request.getAttribute("req");
  if(look_for == null)     {
            request.setAttribute("req", look_for);
       response.sendRedirect(request.getHeader("HTTP_REFERER"));
  if(user != "Hemant") {
  request.setAttribute("req",look_for);
  response.sendRedirect("/login.jsp");
  HttpSession session = request.getSession();
  session.setAttribute("user","Hemant");
  response.sendRedirect(look_for);
  out.close();     

• Jsp Login Form

  Hi All,
  I am new to JSP. Please send me a JSP Login Form Validatio with DB.
  Regards,
  Gokul.

  Validation.jsp whats the error in that
  <%@ page language="java" import="java.sql.*,java.io.*,java.lang.*,java.util.*,com.login.users.*" %>
  <jsp:useBean id="user" class="com.login.users.Users" />
  <%@ page contentType="text/html;charset=windows-1252"%>
  <html>
  <head>
  <% Connection cc = user.connect();
  String username = request.getParameter("j_username");
  String password = request.getParameter("j_password");
  ResultSet rs = user.validateUser(cc);
  %>
  </head>
  <body>
  <%
  while(rs.next()){
  String u1 = rs.getString("name");
  String p1 = rs.getString("Password");
  if (u1.equals(username) && (p1.equals(password))){
  break;
  %>
  <jsp:forward page="err.html" />
  <%}
  out.println("You Are a Valid User");
  user.disconnect();
  %>
  </body>
  </html>
  my mail id is [email protected]

• JSP Login Page is slow in 11.5.10.2

  Hi,
  JSP Login Page is slow in 11.5.10.2 . But If we login through form login (dev60cgi/f60cgi).
  Forms are working fine, No issue from the DB Side.
  We have bounce the Apache and clear the cache as well , but no luck.
  Pls give us some pointer on this.
  Regards,

  Hi,
  It is a clone Instance..Did you review the log files?
  I have one doubt.. If we have lacs record in WF_NOTIFICATION..will the performace get impact bcz of this.It may have an impact on the performance, but I believe it should not affect the main login page.
  Regards,
  Hussein

• Customized JSP Login

  I am trying to write a customized JSP login portlet. Where do I
  get site2pstoretoken and subscribername values from? I have
  looked at some examples, but they were all PL/SQL, and both
  site2pstoretoken and subscribername were input args to the
  procedure.
  Thanks,
  Gary

  Hi
  I need to have Customized login page
  Can you please tell me d path i.e where should i copy d Customized login page(JSP)
  Please its urgent.................

• New to jsp, login page errors

  Hi
  I'm totally new to using jsp and as part of a project I need to create a login page which compares the
  entered email and password with those contained in a database.
  I've created the java code and jsp pages, there's no obvious errors (to me anyway) but everytime I try to run it I get the same error.
  The code for the login page is:
  <%@page contentType="text/html" pageEncoding="UTF-8"%>
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
  <html>
  <head>
  <body>
  <form action="validate.jsp" method="POST">
  email address - <input type="text" name="emailAddress">
  <br>
  password - <input type="password" name="passWord">
  <input type="submit" value="Submit">
  <input type="reset" value="Reset">
  </form>
  <br>
  new customer? To sign up <a href="new%20customer.jsp">Click here</a>
  </body>
  </html>The validation page code is:
  <%@page contentType="text/html"%>
  <%@page pageEncoding="UTF-8"%>
  <%@page import="java.util.*" %>
  <jsp:useBean id="idHandler" class="org.login" scope="request">
      <jsp:setProperty name="idHandler" property="*"/>
  </jsp:useBean>
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
  <html>
      <head>
          <body>
              <%
              String username=(String) session.getAttribute("username");
              String password = (String) session.getAttribute("password");
              String emailAddress = request.getParameter("emailAddress");
              String passWord = request.getParameter("passWord");
              if (idHandler.authenticate(emailAddress, passWord)) {
                  response.sendRedirect("index.jsp");
              } else {
                  response.sendRedirect("login.jsp");
              %>
      </body>
      </head>
  </html>and the java code is:
  package org;
  import java.io.IOException;
  import java.sql.Connection;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import javax.sql.DataSource;
  public class login {
      private DataSource getJdbcConnectionPool() throws NamingException {
          Context c = new InitialContext();
          return (DataSource) c.lookup("java:comp/env/jdbc/connectionPool");
  //method that is called from validateuser.jsp and this checks for the authentic user and
      public boolean authenticate(String emailAdd, String pass)
              throws SQLException, IOException, IOException, NamingException {
          String emailAddress = null, Password = null;
          // connection instance
          Connection connection = null;
          try {
              DataSource dataSource = getJdbcConnectionPool();
              connection = dataSource.getConnection();
              String sql = "SELECT emailAdd, pword FROM customer WHERE emailAdd='" + emailAdd + "'" + "AND pword='" + pass + "'";
              PreparedStatement ps = connection.prepareStatement(sql);
              ResultSet rs = ps.executeQuery();
              if (rs.next()) {
                  emailAddress = rs.getString("emailAdd");
                  Password = rs.getString("pword");
              if (emailAddress != null && Password != null && emailAddress.equals(emailAddress) && pass.equals(Password)) {
                  return true;
              } else {
                  return false;
          }finally  {
              // close the connection so it can be returned to
              // the connection pool then return the list           
              connection.close();
  }finally the error message I get is:
  type Exception report
  message
  description The server encountered an internal error () that prevented it from fulfilling this request.
  exception
  org.apache.jasper.JasperException
       org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:460)
       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  root cause
  java.lang.NullPointerException
       org.login.authenticate(login.java:56)
       org.apache.jsp.validate_jsp._jspService(validate_jsp.java:76)
       org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  note The full stack trace of the root cause is available in the Apache Tomcat/5.5.26 logs.
  help?

  login.java:56 is:
  connection.close();right? So, it looks like the call to getJdbcConnectionPool within authenticate throws an exception and control is passed to the finally block where connection is still null, resulting in the NPE. You should probably catch any exceptions thrown by the lookup for your datasource so you can see what the "real' error is.

• JSP: Login Authentication

  Hi All,
  I am trying with my below JSP code to validate the username and password which enter from my page by verifying with the username and password in Microsoft Access database.
  I never get any error alert with that code, but i also get blank on my page instead.
  The code are below:
  <html>
  <head>
  <title>Welcome to the online Auction...</title></head>
  <body>
  <%@ page language ="java" import = "java.io.*" import = "java.lang.*" import = "java.sql.*" %>
  <% try
       String strUsername = request.getParameter("username");
       String strPassword = request.getParameter("password");
       Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
       Connection myConn = DriverManager.getConnection("jdbc:odbc:Driver={MicroSoft Access Driver (*.mdb)};DBQ=C:/Auction/Auction.mdb");
       Statement myStatement = myConn.createStatement ();
       String strSQL = "SELECT [UserName], [Password] FROM  tblUserDetails";
       ResultSet myResult = myStatement.executeQuery(strSQL);
       String strUser = myResult.getString("UserName");
       String strPass = myResult.getString("Password");
       while(myResult.next())
       if(strUsername.equals(strUser) && strPassword.equals(strPass))
                      out.println("Login Successful!");
                  else
                      out.println("Login Fail!");
       myConn.close();
       catch(Exception e){}
  %>
  </body>
  </html>Could you please advise what is the problems?
  Kimsan

  Also make sure that your database actually contains any users. Otherwise your little "while(result.next())" loop will never run.
  In fact, the way you have written the code is not too smart. Your SQL selects all users and iterates them. As the number of users grow, the time to iterate all the users increase. Instead your SQL should just see if there is a record with the given user name and password. The code would be better like this:
  <% try
  String strUsername = request.getParameter("username");
  String strPassword = request.getParameter("password");
  Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
  Connection myConn = DriverManager.getConnection("jdbc:odbc:Driver={MicroSoft Access Driver (*.mdb)};DBQ=C:/Auction/Auction.mdb");
  String strSQL = "SELECT [UserName], [Password] FROM
  tblUserDetails where [UserName] = ? and [Password] = ?";
  PreparedStatement statment = myConn.prepareStatement(strSQL);
  statement.setString(1, strUserName);
  statement.setString(2, strPassword);
  ResultSet myResult = statementexecuteQuery(strSQL);
  if(myResult.next()){
  out.println("Login Succesful! A record with the given user name and password exists");
  } else {
  out.println("Login Failed. No records exists with the given user name and password");
  result.close();
  statement.close();          
  myConn.close();
  } catch(Exception e){
  out.println(e);
  %>

• Jsp login form code

  hi all
  i am a student and new to jsp
  imy problem is that i want to create a login form and have a page that validates the username and password ... i have tried this but i am gettin errors with my sql line . can any1 help me out
  i have pasted the sql line below
  ResultSet rs = stmt.executeQuery("SELECT username,password FROM myusers WHERE username='"+request.getParameter("username_signin") + "' AND password=PASSWORD('"+request.getParameter("password_signin")+"')");
  thanks

  hi i also have similar problem to avoid the ' or1=1 that simple hacking code.
  i try to use ur method but i nt too sure abt the prepare statement , pls help thanks.
  <%@page contentType="text/html"%>
  <%@page import="java.sql.*"%>
  <html>
  <head>
  <title>Check Login</title>
  </head>
  <body>
  <%
  //String varName=request.getParameter("userName");
  //String varPass=request.getParameter("userPass");
  String DRIVER = "sun.jdbc.odbc.JdbcOdbcDriver";
  Connection con = null;
  String nextPage = null;
  try {
       // set up the DSNless connection to the EJewel.mdb database
       String source = "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)}; DBQ=C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\webapps\\ROOT\\assess20\\assess.mdb";
       // Open a Database connection with the Driver
       Class.forName(DRIVER);
       con = DriverManager.getConnection(source);
  // Create sql string to check whether userName is found in database
       //String sql = "Select * from Customers where userName='" + varName + "' and userPass='" + varPass + "'";
       PreparedStatement stmt = con.prepareStatement("SELECT * from Customers WHERE username= 1 AND password='2");
  stmt.setString(1, request.getParameter("userName"));
  stmt.setString(2, request.getParameter("userPass"));
       // Create statement to connect to Connection
       Statement stmt=con.createStatement();
       // Execute result set on sql string
       ResultSet rs=stmt.executeQuery(PreparedStatement);
       String userPass = "foobar";
  MessageDigest mdAlgorithm = MessageDigest.getInstance("MD5");
  mdAlgorithm.update(userPass.getBytes());
  byte[] digest = mdAlgorithm.digest();
  StringBuffer hexString = new StringBuffer();
  for (int i = 0; i < digest.length; i++) {
  userPass = Integer.toHexString(0xFF & digest);
  if (userPass.length() < 2) {
  userPass = "0" + userPass;
  hexString.append(userPass);
  // We now have a unique MD5 Hash of original input
  out.print(hexString.toString());
            if (rs.next())
            out.print("Exist");
            session.setAttribute("loginStatus", "login");
            session.setAttribute("userName", varName);
  session.setAttribute("userPass", varPass);
  nextPage="ShowMain.jsp";     
            else
            //out.print("Does not exist");
            nextPage="Showlogin.htm";
       // close the resultset and statement     
  rs.close();
  rs = null;
  stmt.close();
  stmt = null;
       } // end try
       // catch for 3 exceptions
       catch (ClassNotFoundException cnfe) {
  out.println ("Could not create driver " + cnfe.getMessage ()) ;
       catch (SQLException sqle) {
  out.println ("Could not connect to database " + sqle.getMessage ()) ;
       catch (Exception excpt) {
  out.println ("Could not connect to database, general error " + excpt.getMessage ()) ;
  } // end all catch
       // finally to close connection
  finally {
  if (con != null) {
  con.close();
  } // end finally
  %>
  <jsp:forward page="<%=nextPage%>"/>
  </body>
  </html>

• Jsp login forum help

  Hi everyone, i have the bean class User.java below and i want to create the basic authentication login , when the user login successful the welcome page will be display depend on the type of user. For example, if the user type is teacher so he/she can create the new student username and password. Could anyone help me to do that. Please explain more detail since i am a newbie for jsp.
  Thank you.
  public class User {
  public User() { }
  public String getUserName() { return name;}
  public String getPassword() {return password;}
  public String userType () {return type;}
  public void setUserName(String name ) { this.name = name;}
  public void setPassword (String password) {this.password = password;}
  public void setType (String type) {this.type = type;}
  private String name;
  private String password;
  private String type;
  }

  The thing is i haven't using database before and i didn't have any database in the server, assume that i using hashtable to store the users detail. Could you please give me the example code.
  Here is my login.jsp
  <p>
  <form name="loginForm" method="post" action="process.jsp">
  <p align="center"><strong><font size="4">LOGIN</font></strong> </p>
  <table width="24%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
  <td bgcolor="#FFFFCC"><div align="right">User name</div></td>
  <td bgcolor="#FFFFCC"><div align="center">
  <input name="username" type="text" id="username">
  </div></td>
  </tr>
  <tr>
  <td bgcolor="#FFFFCC">
  <div align="right">Password</div></td>
  <td bgcolor="#FFFFCC"> <div align="center">
  <input name="password" type="password" id="password">
  </div></td>
  </tr>
  <tr>
  <td bgcolor="#FFFFCC">
  <div align="right">
  <input name="usertype" type="checkbox" id="usertype" value="checkbox">
  Staff </div></td>
  <td bgcolor="#FFFFCC">
  <div align="center">
  <input type="submit" name="login" value="Login">
  <input type="reset" name="clear" value="Clear">
  </div></td>
  </tr>
  </table>
  <p align="center">Staff's ID: teacher<br>
  Staff's password: pass<br>
  You must check the staff checkbox to login as clerk.</p>
  </form>
  </p>
  So what i need is when the user input staff id, password and the check box, the page will check the correct authentication and the process to the new page, for example the teacher page that have another form to create the student authentication. When the student user created the student can login using the same form as the teacher's login form but this time will forward to the student's page. Also how can i use session to keep track of the user logged in, for example when the student logged successful, he/she can view her mark or do some task and can logout (which is clear the session).
  Thank you so much.

• NEWBIE - creating a simple JSP login page

  Hi guys,
  I am really really stuck, and I would be so grateful if you guys could help me in any way. I am creating a simple application, but as part of the application i have to create a login / logout sub-application. It needs to verify the username and password by looking up a database in mySQL. I've had a look around on the internet to see if there is any simple way of doing it, but i can't understand most of it. I'm really new to JSP and only know how to do simple statement like <c:choose> and stuff like that. If anyone can help me in any way to create as simple a login / logout application that verifies the username and password from a database, I would be ever so grateful, thank you!
  Just to let you know, the security-roles and all that stuff together with the <tomcat-users> stuff has already been set up.
  I found this code by the author brain.compression, which seems to very useful, I've not tried it out yet, but was wondering, if somebody could help me split the code up into the separate JSP pages i will need, as I am not too sure which bits of the code need to go on what pages.
  Thank you to anyone that can help me out and thanks for brain.compression for providing this code. I'm sorry for posting this in a forum not related to JSP, its just that I am a complete newbie to JSP and nobody in that forum is helping me.
  brain.compression's code starts here...
  First for the page you are requesting you would need a verify if the user is logged in or not:
  <c:if test="${existingUser==null}">
  <jsp:forward page="login.jsp">
  <jsp:param name="origURL" value="${pageContext.request.requestURL}"/>
  <jsp:param name="errorMsg" value="Please log in first" />
  </jsp:forward>
  </c:if>
  This will redirect you to the login page:
  <font color="red">
  ${fn:escapeXml(param.errorMsg)}
  </p>
  </font>
  <form method="post" action="authenticate.jsp">
  <table>
  <tr>
  <td>Please Enter the following information to log in:</td>
  </tr>
  </table>
  <table>
  <tr>
  <td>User ID:</td>
  <td><input name="userid" value="${fn:escapeXml(cookie.userid.value)}"></td>
  </tr>
  <tr>
  <td>Password:</td>
  <td><input type="password" name="password" value="${fn:escapeXml(cookie.password.value)}"></td>
  </tr>
  </table>
  After that you have to verify with your DB if the login info provided is correct:
  %-- Removing any scoped variables --%>
  <c:remove var="existingUser" />
  <c:if test ="${empty param.userid || empty param.password}" >
  <c:redirect url="login.jsp">
  <c:param name="errorMsg" value="Please enter a User Id and Password." />
  </c:redirect>
  </c:if>
  <%-- Checking if User Id and Password are valid --%>
  <sql:query var="anyvariable" dataSource="${data}">
  SELECT * FROM table WHERE user_id = ? AND pass = ?
  <sql:param value="${param.userid}"/>
  <sql:param value="${param.password}"/>
  </sql:query>
  <c:if test="${anyvariable.rowCount == 0}">
  <c:redirect url="login.jsp">
  <c:param name="errorMsg" value="Invalid User Id or Password"/>
  </c:redirect>
  </c:if>
  Also can somebody tell me if i am right. Do I need to create a page called login.jsp to put the actual form on, and a page called authenticate.jsp to verify the username and password are correct? Finally i see that brain.compression has used a variable called existingUser but has he actually declared it anywhere. Thanks again for anybody that can help me out!

  i am still a jsp noobie but i have done some applications using html javascript php asp and other languages. What you want to do is take the data from the login form then compare that to the db see if it actually exist and has the correct info. From there you want to write a cookie to the users computer to hold the username and password, which will be checked for at the begining of every page verifying it in the database. This is how i have done password verification in the past and it works fairly well and unless your server gets hacked your pages should be secure.

• Jsp Login problem

  i am using jsp for a login functionality.
  in which i am accepting username and password from user.
  but if user press back button after loging in the first page is displayed
  it should not be .
  i require in pure java. i also even tried for the sessions
  please provide a solution for me

  Implement a Filter. You can search around using the keyword "LoginFilter" or "UserFilter" to find examples.

• JSP Login Example

  Hi,
  Does anybody have an example I can work off of? I am trying to create a user login page and have the user names and passwords stored into a MYSQL database.
  Thanks,
  Joe

  To be honest I don't know too much about this topic either, so I can't really give you much technical help. However, here is a link to the relevant part of the JSP tutorial from the Sun site: http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security5.html
  Also, you shouldn't need to store the usernames and passwords in an XML file. I'm not sure exactly how to work this; the tutorial page I linked to has many helpful links that can probably explain this better than I can.

• Illegal State Exception in JSP login

  I had a working log in/check password systems for a low security application. User types in username and password and this is sent to the checkpassword.jsp. Using Server variables I counted the number of attempts and if it was more than three, they were not allowed to try again that session. When I moved this page to newer version of Tomcat running in Apache rather than over IIS, my simple counting function no longer works and I can't for the life of me understand why I'm getting an Illegal State Exception with the following code:
  java.sql.ResultSet RS=statement.executeQuery("Select WUUSER, WUPWD FROM WEBUSER WHERE WUUSER='"+ (request.getParameter("username").toUpperCase()) + "' AND WUPWD= '" + (request.getParameter("password")) +"'");
  HttpSession ViewProtectedPage = request.getSession(true);
  HttpSession UserSession = request.getSession(true);
  if (RS.next())
  ViewProtectedPage.putValue("password","correct");
  //HttpSession UserSession = request.getSession(true);
  //allows username to be entered in upper or lower case
  UserSession.putValue("username",(request.getParameter("username")).toUpperCase());
  response.sendRedirect("tracking.jsp");
  else
  ViewProtectedPage.putValue("password","false");
  if (ViewProtectedPage.getValue("trycount")==null) {
  ViewProtectedPage.putValue("trycount","1");
  response.sendRedirect("loadtrackbadlogin.html");
  if (ViewProtectedPage.getValue("trycount")=="1") {
  ViewProtectedPage.putValue("trycount","2");
  response.sendRedirect("loadtrackbadlogin.html");
  if (ViewProtectedPage.getValue("trycount")=="2") {
  ViewProtectedPage.putValue("trycount","3");
  response.sendRedirect("loadtrackbadlogin.html");
  if (ViewProtectedPage.getValue("trycount")=="3") {
  response.sendRedirect("noentry.html");
  RS.close();
  It works fine if the user uses the proper username and password but crashes on me if they use the wrong info. I think it has something to do with my initialization of the user variables.

  I don't know that this is the root cause of your problem, but it certainly could be. When comparing two strings, you need to use the .equals() method, not ==.
  (except in the null case, where checking for null with == is perfectly okay).
  if (ViewProtectedPage.getValue("trycount").equals("1")
  ..etc
  Some other notes... use if/else if/else rather than a whole bunch of ifs, since all your statements are mutually exclusive. Maybe even put those lower ifs inside your outer "else" since you're obviously not going to reach them after a sendRedirect(). On that same note, place a return; after the sendRedirect() to state that the rest of the page need not be loaded/executed.

• JSP Login Validate

  How to validate the user when the logon to mysql

  write a sql query which fetches the password against a entered username and then compare that password with the entered password by user.If both matches then in otherwise exit.
  Is that what you wanted or something else.Please be clear when you post a question.

• Login JSP losing Session

  I have a Login JSP which talks to a Servlet which then passes the login request to a Bean. In the Bean I save the login information in the Session, if the login fails I am trying to 'forward' to the Login JSP page again. On the Login JSP there is an 'errorText' field that gets the errorText Property from my Bean. However, when the 'getErrorText' method is called by the JSP I seem to have a new Session and have lost all of my login information.
  What have I done wrong ? I have tried setting the 'scope' of the Login JSP to session and the application but with no result.
  How can I ensure that when I re-display the Login JSP with an error message on it that I am using the Session (and copy of my bean) that I had when I set the properties ?
  Sarah.

  have the code for setting the session values in the servlet that comes after the JSP login page.
  in the jsp login page try to retreive the session values for the user name and the password.
  store these values in the name and password variables.
  for the first time it'll be null and an exception will be thrown. so in the catch block, set the value of the name variable and the password to null string ie "" and set these values as the values of the textfields (for user name and password). also in the catch block, set the error message string also . this one u can use to display when u r redirected to the JSP login page by the servlet. if first time, then set it to null string "".
  but assuming that the JSP page has been called from the servlet when an error occured i.e when the server cannot recognize the user name and password combination, the session variables for the user name and the password won't be null and u can use these values to be displayed in the respective textfields.
  so when the user name and password cannot be recognized by the server, just call the same JSP login page.
  hope that clears a bit of ur doubt!!
  rgds
  JP