Home Projects Jobs Clientele Contact


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User registration/authentication

sergey@total-knowledge.com wrote:
> Another thing is UuServlet::isUserLoggedIn() function.
> This function was desinged before Alexey's idea with using temporary table
> for authentication. I don't quite see the use of it now.
Don't mix up user logging into the application and server establishing
current user identity for a database session.
> isUserLoggedIn() checks if there is an entry in session_info table,
Well, this is a wrong way to do it.
>  so it
> connects to DB and has to be called after UuDbPool::getConnection(). The
> way I have it implemented now, getConnection returns NULL if
> 1. No connection in pool available even after timeout, in this case i
> don't call servlet's dispatcher and user sees "Server error" page.
> 2. login() stored proc failed. In this case con = NULL too, but I think
> I'll redirect user to the login page.
> So my idea is to return structure something like this(Connection& con, int
> failureReason) after calling getConnection().
> There is no reason to call isUserLoggedIn() after that. If con=NULL AND
> failureReason=2( login() failed ), then user not logged in. Otherwise user
> is logged in.

Ilya A. Volynets-Evenbakh
Total Knowledge. CTO

Authoright © Total Knowledge: 2001-2008