This function can be called from the client to instantiate a session. No cookie is being send back.
The caller is responsible for dispatching the correct request.
This can be accomplished via req.getRequestDispatcher(path).forward(req,res);
req - the HttpServletRequest
res - the HttpServletResponse
u - the user
null, if no error condition occurred, or a string containing the error message which should be written back to the client;
Checks the user. Compares the password and checks whether the user is active.
If one of the check fails an Exception is thrown. If the password is not correct an unsuccessful login
will be recorded but only if parameter ignoreUnsuccessfulLogin ist not true.
userId - the id of the user
passwd - the passwd
clientAddr - the ip address of the client
ignoreUnsuccessfulLogin - if true unsuccessful logins will not be recorded