Elegant way to implement Login page in JSP -

i'm beginner in jsp web development. have login (login.jsp) page webapp has standard login controls (eg. username, password text-boxes, remember me checkbox , login button) want attain when user provides credentials, upon submitted details, authenticate.jsp called, credentials matched database, if they're correct, session user created , if credentials incorrect. redirect user login page response.sendredirect("./login.jsp?status=fail");

on login.jsp, status parameter checked , when gives value fail have <div> below textboxes has message user name or password incorrect!, shown user upon such failure. safe send such parameters via url (for given purpose)? more appropriate or standard way implement this? also, when user visits login page first time, looking status parameter throw nullpointerexception. have entire login.jsp code checking parameter below.

    try     {         string stat = request.getparameter("status");         if(stat.equalsignorecase("fail"))             msg = "invalid username or password!";         else             msg = " ";     }     catch(nullpointerexception e)     {         msg = " ";     }     catch(exception e)     {         out.println(e);     } 

and msg string object wrote <div> mentioned. if there's no status parameter found, assumed user visiting page first time, , hence no message wrong credentials shown.

i'm feeling may not way how implemented in real systems.

correct me.

thanks.

note: while searching same query on web, of them had different jsp page failed login, while want keep single page that.

while doing professional development, better-off using security framework. both apache shiro & spring security candidates implementing security in project.