-rw-r--r--WebContent/LoginSuccess.jsp3
-rw-r--r--src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java10
2 files changed, 10 insertions, 3 deletions
diff --git a/WebContent/LoginSuccess.jsp b/WebContent/LoginSuccess.jsp
index e144166..32255f0 100644
--- a/WebContent/LoginSuccess.jsp
+++ b/WebContent/LoginSuccess.jsp
@@ -1,5 +1,6 @@
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
+<jsp:useBean id="user" class="de.fhswf.in.inf.fit.aufgabe5.model.Account" scope="session"/>
<!DOCTYPE html>
<html>
<head>
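Review bot: The added `jsp:useBean` uses `class=` together with `scope="session"`, so a request that reaches LoginSuccess.jsp without a prior login gets a fresh, empty `Account` instantiated and stored in the session under `user`. The page then renders for unauthenticated visitors, and any later check of the form `session.getAttribute("user") != null` would treat them as logged in. Declaring the bean with `type=` instead, `<jsp:useBean id="user" type="de.fhswf.in.inf.fit.aufgabe5.model.Account" scope="session"/>`, makes the tag fail rather than create an object when the attribute is missing. An explicit redirect to the login form for that case would be friendlier still.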
@@ -7,7 +8,7 @@
<title>Welcome</title>
</head>
<body>
- <h1>Welcome <%= session.getAttribute("username") %></h1>
+ <h1>Welcome <jsp:getProperty property="username" name="user"/> </h1>
<a href="LoginFormWithJpaAndJsp.jsp">Retry</a>
</body>
</html> \ No newline at end of file
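Review bot: `<jsp:getProperty property="username" name="user"/>` writes the username into the `<h1>` without HTML escaping, exactly as the replaced `<%= ... %>` expression did, so a username containing markup is rendered as markup. If usernames can be chosen by users (the registration path is not visible in this diff), this is a stored XSS sink on the post-login page. Where JSTL is on the classpath, `<c:out value="${user.username}"/>` escapes by default; otherwise the value needs to be HTML-encoded before it is written.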
diff --git a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
index e5611b8..498582b 100644
--- a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
+++ b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
@@ -64,9 +64,15 @@ public class LoginServletWithJpaAndJsp extends HttpServlet
// This is very insecure and can be exploited via timing attacks
if (account != null && account.isPasswordCorrect(requestPassword))
{
- request.getSession().setAttribute("username", account.getUsername());
+ request.getSession().setAttribute("user", account);
- response.sendRedirect("LoginSuccess.jsp");
+ // RequestDispatcher dispatcher = getServletContext()
+ // .getRequestDispatcher("/LoginSuccess.jsp");
+ //
+ // dispatcher.forward(request, response);
+
+ response
+ .sendRedirect(response.encodeRedirectURL("LoginSuccess.jsp"));
}
else
{
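Review bot: The session ID is not rotated at the point where the session becomes authenticated, and the new `response.encodeRedirectURL(...)` call will append `;jsessionid=...` to the redirect whenever the container falls back to URL rewriting, which exposes the ID in browser history, server logs and Referer headers. Calling `request.changeSessionId();` before `setAttribute("user", account)` (Servlet 3.1+; on older containers invalidate and recreate the session) and restricting session tracking to cookies would close the fixation path. Storing the whole `account` entity also keeps whatever credential field `isPasswordCorrect` presumably compares against inside the session, which the container may serialize; a small view object holding only the username would avoid that. The commented-out `RequestDispatcher` lines are better deleted than committed. The enclosing method starts and ends outside this hunk.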