Name: User Authentication

Defining Qualities:
- Given a username and password, authenticate the user
- Provide a means for the user to remain authenticated from page to page without re-entering the username and password
- Provide a means to log out after use

Behaviors:

Login
- Upon login, check the username and password against the user table in the database
- If they match, enter the username and a timestamp into the 'login' table in the database
- Then construct a cookie carrying the username and timestamp

Authentication
- After the initial login, for every page requested, check the cookie for the username
- If the username is found in the login table with a valid timestamp, send the page; otherwise, send the login page

Logout
- At logout, remove the login entry from the 'login' table in the database; even if the user fakes a cookie, authentication will fail on the server side
- Reason for the design choice: generally, a level of security is chosen that best fits the purpose. For this purpose, secure sockets would be too much, but passing the username between pages without back-end authentication would be too little security
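The three behaviors above (login, per-page authentication, logout) as a self-contained example. This is added code, not part of the original card: the user table and login table are in-memory dictionaries, passwords are stored as salted PBKDF2 hashes, and the "valid timestamp" check is an assumed 30-minute window (`SESSION_TTL_SECONDS`). Beyond the card's design, the login table and cookie also carry a random per-login token, so that a cookie assembled from a known username and timestamp is rejected by the server-side check even while the user is still logged in; that token is an assumption of this example, as is the `AuthServer` API.

```python
import hashlib
import hmac
import os
import time

# Assumed validity window for the timestamp stored in the 'login' table.
SESSION_TTL_SECONDS = 30 * 60


def hash_password(password: str, salt: bytes) -> bytes:
    # The card only says "check against the user table"; storing a salted
    # PBKDF2-HMAC-SHA256 hash instead of the plaintext password is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    def __init__(self):
        self.users = {}   # username -> (salt, password_hash); stands in for the user table
        self.logins = {}  # username -> (timestamp, token); stands in for the 'login' table

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str, now=None):
        """Behavior 'Login': return a cookie string on success, None on failure."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored_hash = record
        if not hmac.compare_digest(stored_hash, hash_password(password, salt)):
            return None
        timestamp = int(now if now is not None else time.time())
        token = os.urandom(16).hex()  # random per-login token (assumption beyond the card)
        self.logins[username] = (timestamp, token)  # record the login server-side
        return f"{username}|{timestamp}|{token}"    # cookie: username, timestamp, token

    def is_authenticated(self, cookie, now=None) -> bool:
        """Behavior 'Authentication': the cookie is only a claim; the login table decides."""
        now = now if now is not None else time.time()
        try:
            username, ts_text, token = cookie.split("|")
            timestamp = int(ts_text)
        except (ValueError, AttributeError):
            return False  # malformed or missing cookie
        entry = self.logins.get(username)
        if entry is None:
            return False  # not logged in (or logged out): a faked cookie fails here
        stored_ts, stored_token = entry
        if timestamp != stored_ts or now < stored_ts or now - stored_ts > SESSION_TTL_SECONDS:
            return False  # timestamp does not match the table or is no longer valid
        return hmac.compare_digest(stored_token, token)

    def logout(self, username: str) -> None:
        """Behavior 'Logout': remove the login entry so every later cookie check fails."""
        self.logins.pop(username, None)

    def serve(self, cookie, page: str, now=None) -> str:
        """Send the requested page if authenticated, otherwise the login page."""
        return page if self.is_authenticated(cookie, now) else "login page"
```

Every page request goes through `serve`, which never trusts the cookie on its own: the username, timestamp and token must all agree with the server-side 'login' table, and `logout` deletes that row, which is what makes a cookie kept (or forged) after logout useless.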