How to Create Static Login Pages

Draft 0.1
Jan 8, 2001
Ted Lee (tlee@startups.com)

1. Applicability

Read this document when if you have already read How To Use Basic Unified Login and any of the following are true:

You want a login page that always appears in a given path through the site, regardless of whether the user is already logged in or not.
You are trying to update existing login pages so that they are compatible with unified login.

If this document doesn't meet your needs, you may want to look at:

Background

There may be some situations where you wish to handle your own login--for example, if you want a static login page that the user always goes through regardless of whether or not they have already logged in.

2. Steps for Creating Static Login Pages

Design a login page using the normal MVC model triplet (see How To Create Web Pages With Forms). The model should contain some way of returning a com.startups.business.StartupsUser object representing a user who has given a valid username and password.

In the ControllerServlet subclass for your login page, use a static method defined on com.startups.webui.StartupsLoginServlet:

protected void performPost(HttpServletRequest request,
                           HttpServletResponse response)
                           throws ServletException, IOException {
    ...
    if (theModel.isValid()) {
        StartupsUser theUser = (StartupsUser) theModel.getStartupsUser();
        StartupsLoginServlet.addUserToSession(theUser, request, response);
        ...
    }
    ...
}

Using this method ensures that the proper HttpSession key is used. The method also adds some other bookkeeping items to the session in order to maintain compatibility with some legacy code. If you do not use this method, some pieces of the site (such as the login/logout graphic in the upper right hand corner of most of our pages) will not accurately reflect the user's login status. The other thing it does is that it checks for the presence of a premium content cookie, and adds it to the user's browser if it's not found.

3. Design Discussion

There are some pages (such as Job Connection, where pages exist with combined login forms and new user addition forms) where an interstitial login page doesn't make sense. These pages handled their own login. Rather than redesign the flow of these pages to make them consistent with unified login, it was decided that there should be some way of updating these pages so that they would still use as much unified login code as possible.

Known Problems

Currently there is no way to design your own logout page and keep it compatible with unified login.

4 Version History

0.1, Jan 8, 2001. First version.