UniverseUniversity



Re: User registration/authentication



I have trouble dealing with the authentication functionality the way it's
defined now, so I'm asking for you guys' opinions.

In order to get a connection from the pool I need to perform
authentication inside of UuDbPool::getConnection().
In order to do that I need to pass login, password, server and sessionid
to getConnection().
I cannot get those parameters from the DB b/c the connection will be opened
only after authentication in the pool. So where do I get them?
sessionid is no problem, I get it from HttpSession.
I can save login, password, server in the HttpSession object after successful
login/registration, but I don't think it's a good idea. If I save userid
in the session, then I need a DB connection to get login, password, server
from the DB, but the connection is not available for the reason I explained
above.
If I use sessionid as the key parameter to get user credentials (which is
the best way since I won't need to save anything in HttpSession), then we
need sessionid in a regular (not temporary) table in the DB, but still need the
connection before calling getConnection(). But in this case, if we change
the login() stored procedure to get only sessionid as the parameter, we won't
need a connection to the DB before calling getConnection().
Imho it's ok to have sessionid as the only parameter to login(). The
authentication will be done at login time, sessionid will be saved in the DB
for this user, then login() will check if the user exists using sessionid the
same way as it's done now using the login parameter. The session_info table
can't have more than one record anyway.

Another question about not-logged-in users. The way things are defined now,
not-logged-in users can never get a connection to the DB.
Per specs we are going to have some pages available for those kinds of
users, I'm sure we'll still need to get data from the DB for those pages, for
example in the left navigation bar or in the Repository. How are we going to
deal with that?






Authoright © Total Knowledge: 2001-2008