From f1c3a73dde219fb47cac16e89f499b3a8f495778 Mon Sep 17 00:00:00 2001
From: Azzahid <13514095@std.stei.itb.ac.id>
Date: Wed, 30 Nov 2016 15:51:42 +0700
Subject: [PATCH] add information to token

---
 IdentityServices/src/java/loginPackage/LoginServlet.java | 8 ++++++--
 StackExchangeClient/web/login.jsp                        | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/IdentityServices/src/java/loginPackage/LoginServlet.java b/IdentityServices/src/java/loginPackage/LoginServlet.java
index 9269f38..4fa0b8e 100644
--- a/IdentityServices/src/java/loginPackage/LoginServlet.java
+++ b/IdentityServices/src/java/loginPackage/LoginServlet.java
@@ -28,6 +28,8 @@ import javax.servlet.RequestDispatcher;
 public class LoginServlet extends HttpServlet {
     private static final long serialVersionUID = 1L;
     public String userid;
+    public String agent = "";
+    public String userIP = "";
     
     @Override
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
@@ -37,6 +39,8 @@ public class LoginServlet extends HttpServlet {
         String pass = request.getParameter("password");
         String token = "";
         String message = "";
+        agent = request.getParameter("userAgent").toString();
+        userIP = request.getRemoteAddr();
         /*if(user != null && pass != null && !user.equals("") && !pass.equals("")){
             try {
                 //creating connection with the database 
@@ -79,14 +83,14 @@ public class LoginServlet extends HttpServlet {
         }
         response.addHeader("token", token);
         response.addHeader("message",message);
-        response.addIntHeader("expiryTime", 3);
+        response.addIntHeader("expiryTime", 30);
         response.flushBuffer();
     }
     
     public String getToken(){
         Random random = new SecureRandom();
         String token = new BigInteger(130, random).toString(32);
-        
+        token = token + '#' + agent + '#' + userIP;
         return token;
     }
     
diff --git a/StackExchangeClient/web/login.jsp b/StackExchangeClient/web/login.jsp
index 66e7c1c..28e5c22 100644
--- a/StackExchangeClient/web/login.jsp
+++ b/StackExchangeClient/web/login.jsp
@@ -13,6 +13,7 @@
 <%  
     String user = request.getParameter("username");
     String pass = request.getParameter("password");
+    String agent = request.getHeader("User-Agent");
     String error = "";
     
     if(user != null && pass != null && !user.equals("") && !pass.equals("")){
@@ -25,7 +26,7 @@
         // Send POST output.
         connection.setRequestMethod("POST");
         java.io.DataOutputStream printout = new java.io.DataOutputStream(connection.getOutputStream ());
-        String content = "username=" + user + "&password=" + pass;
+        String content = "username=" + user + "&password=" + pass + "&userAgent=" + agent;
         printout.writeBytes (content);
         printout.flush (); 
         printout.close ();
-- 
GitLab