I really don't know if this is the appropriate place to post this question (I already got rejected from the Oracle forum), but I've run into a very interesting problem.

I administer a website that runs on Apache Tomcat 6.0, using JSP pages, and interfaces with an Oracle 10g database using the JDBC Thin client driver. We require our users to log in before they can gain access to the website, so we decided to let Oracle manage most of that. Each user has an Oracle account, and we have it set for their accounts to become locked after three failed logins.

When I test this out using SQL Plus or SQL Worksheet, accounts do indeed become locked after three failed logins, which is great. However, when I create a connection in our JSP page, accounts become locked after only two failed logins. After some extensive testing by changing the # of failed logins allowed in Oracle, it seems as if the connection via JSP actually tries to log in TWICE. Here is my connection code:

DriverManager.registerDriver((Driver) Class.forName("oracle.jdbc.driver.OracleDriver").newInstance());
conn = DriverManager.getConnection(dataBase, oracleID, tempPass);
That is wrapped inside of a try/catch block that catches the SQLExceptions, so I can figure out if the account is valid or not.

I have worked around the issue by setting the # of failed logins to 5, but that does not follow the letter of our requirement, so I am wary to keep it this way.

Does anyone know why the getConnection() function seems to attempt two logins instead of one? At least Oracle is tracking it that way. So bizarre!