How to implement a login page without code duplication

I am currently making a dvd browsing system using JSP / Java Servlets and am having trouble figuring out a way to make my login page a bit more efficient.

My current login system does this: When a user submits the correct email/password combination, a servlet checks to see if the combination is correct and they are redirected to a lobby page. If a password is wrong, they are sent to a /retry.jsp page which is basically a duplicate copy of the login page with an extra

stating that the password is wrong.

I recognize this is not the best way to do this but is there an alternative method of implement开发者_开发问答ing a solid login page?

EDIT I found kind of a solution to my problem albeit maybe not the best. I used the session variable to hold a value "badlogin" if the wrong username/password combination was used. If this session variable existed then the "wrong password" message would show. Any comments on this?

I haven't used JSP, but in most web app frameworks I've used it is possible to use a variable to toggle and error message in the template. You use the same page for both views, but when it is displayed for a failed attempt, an extra div is inserted with the appropriate message.

You can have your servlet validate the password:

For example:

In the login page jsp:

<%
if(request.getAttribute("passwordError")!=null){
out.print(request.getAttribute("passwordError");
}
%>

In the Servlet

if(request.getParameter("password")!=null&&request.getParameter("password").equals("correctPassword"){
// Redirect to Lobby Page
}

else{
request.setAttribute("passwordError", "Incorrect Password");
// Send back to login page
}

This will then display the password error on the login page, avoiding page duplication and the need to use sessions.

Hope this helps.

Tobias.