Hello, I have interesting problem with an authentication. I use a JDBCRealm. I have a protected area. When a user comes to the protected area, server redirects the user to the login page. If the user knows his user name and password, he writes it and submits login form. If the user does not know user name and password, he clicks link on the login page to the "register page". On the register page, he creates new user account - he types login name, password (twice) and e-mail. After submition of the HTML form, my JSP does some checks - similarity of passwords, individuality of user name, etc... If everything is OK, registration is successful - JSP writes user name, password and e-mail into the users table in DB. If not, registration fails and user comes back to the registration page. Problem is, that in the case of successful registration, user must go back to the login page and log into the application. He must type username and password again. But I have all information to login user into protected area on the server (user types it during the registration). Can I write any server side code, that log in the user, if I have his login name and password from the registration form and I'm sure, that user name and password are correct and registration is successful? There is idea create login form on the server and fill login name and password on the server. Bud I think that writing of password into HTML source and sending it to a WWW browser is not secure.
Thank you. Lipi --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]