I'm having trouble dealing with the authentication functionality the way it's defined now, so I'm asking for you guys' opinions.

In order to get a connection from the pool I need to perform an authentication inside of UuDbPool::getConnection(). In order to do that I need to pass login, password, server and sessionid to getConnection(). I cannot get those parameters from the DB b/c the connection will be opened only after authentication in the pool. So where do I get them?

sessionid is no problem, I get it from HttpSession. I can save login, password, server in the HttpSession object after successful login/registration, but I don't think it's a good idea. If I save userid in the session, then I need a DB connection to get login, password, server from the DB, but the connection is not available for the reason I explained above.

If I use sessionid as the key parameter to get user credentials (which is the best way since I won't need to save anything in HttpSession), then we need sessionid in a regular (not temporary) table in the DB, but still need the connection before calling getConnection(). But in this case, if we change the login() stored procedure to get only sessionid as the parameter, we won't need a connection to the DB before calling getConnection().

IMHO it's OK to have sessionid as the only parameter to login(). The authentication will be done at login time, sessionid will be saved in the DB for this user, then login() will check if the user exists using sessionid the same way as it's done now using the login parameter. The session_info table can't have more than one record anyways.

Another question, about not-logged-in users. The way things are defined now, not-logged-in users can never get a connection to the DB. Per specs we are going to have some pages available for those kinds of users, and I'm sure we'll still need to get data from the DB for those pages, for example in the left navigation bar or in Repository. How are we going to deal with that?
Authoright © Total Knowledge: 2001-2008