1. Create a web page (index.html) which contains a typical Registration form (e.g. the user submits a username and password to create a new account.

2. Create a servlet (RegistrationServlet) which receives the request from the Registration form and retrieves the username and password request parameters. Perform some simple test on the username and password. For example, check their length.

3. If the test fails send the user back a HTML page which includes a message explaining why the registration failed.

4. If the test passed, use the RequestDispatcher to direct the user to the Login page. Usage is like: RequestDispatcher rd = request.getRequestDispatcher("skills.html"); rd.forward(request, response);

5. On the Login page, the user must fill a form with their username and password, as well as additional inputs - a text input to get their email address, and a checkbox indicating whether they wish to be contacted by email for marketing purposes.

6. On submission of the Login form, the request is to be processed by a Login servlet. In this servlet you can do a (hard-coded) test to verify the username and password. If the test fails, redirect to the Login page again. If the test passes, add the username, email address and marketing preference to the Session object as attributes.

7. Redirect to a servlet where the session attributes are retrieved from the session object, and inserted into the HTML output back to the user, effectively just confirming that they are logged in successfully and what their preferences are.