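I have read How to implement “Stay Logged In” when user login in to the web application. I have two questions, mainly about HttpServletRequest#login().
Question 1: If the user returned by userDAO.find() is not null, does that mean the username and password are correct and the user should be logged in?
Question 2: How does HttpServletRequest#login validate the user?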
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    User user = userDAO.find(username, password);
    if (user != null) { // If true, does it prove the username and password are correct?
        try {
            /* Why call request.login() here? I think the client has been
             * validated if user!=null. What's the use of this line?
             */
            request.login(username, password);
            System.out.println("successfully log in");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}