Single login and single threaded models - Java and PHP
Archive - Originally posted on "The Horse's Mouth" - 2008-01-04 21:32:50 - Graham Ellis

On Apache Tomcat courses, I find myself explaining "single login" models, and on some Java courses I explain single threaded models. In both cases, there are times when newcomers to the technologies ask "does it matter?"
Answer - for a small and quiet application suite, probably not - but as the application suite grows, a single login to cover all applications is a boon to your users, and in contrast the single threaded model should be avoided as it will limit traffic - keeping users waiting at the "starting gate" until the previous visitor to the application has completed his current interaction.
We have developed a number of applications for internal use here at Well House Consultants and Well House Manor over the years that rely on staff members logging in to get [full] use of the application code, and I am in the process of applying a single login model to them retrospectively ... since they're internal, I'm afraid I can't publish login details to give you a demonstration, but I can give you some pointers.
1. We're noting logins at the start of each of the applications via a common set of PHP functions that we have written and include in each application:
   - pwtest to see if the user is already logged in, and return account info
   - pwcheck to check if a user name and password pair are valid
   - pwlogin to log a user in
   - pwlogout to log a user out
2. On the exit from each application, any session is destroyed but the longer term login cookie is retained.
3. On the user selecting a general logout button, session cookies for all applications grouped under the single login facility are destroyed in order to avoid any security holes being left open.
4. Cookies for the single common login are specifically set up for the root directory or any folder below it so that they will be seen by all the sharing applications, and are initially configured to allow a user to remain logged in for a period of rather longer than a regular session, but not for months or years!
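A sketch of how the four helpers named above could be written, as an added example rather than Well House Consultants' own code. The cookie name, the eight-hour lifetime, the file-backed token store and the helper functions prefixed `sso_` are assumptions, and `setcookie` with an options array needs PHP 7.3 or later.

```php
<?php
// Added sketch. Function names pw* come from the post; every body, the cookie
// name, the lifetime and the file-backed token store are assumptions.
const SSO_COOKIE = 'wh_login';   // hypothetical cookie name
const SSO_TTL    = 8 * 3600;     // assumed: longer than a session, far short of months
// Demo location only; in production keep the store outside the web root.
define('SSO_STORE', sys_get_temp_dir() . '/sso_tokens.json');
function sso_load(): array {
    $raw = @file_get_contents(SSO_STORE);
    return $raw === false ? [] : (json_decode($raw, true) ?: []);
}
function sso_save(array $tokens): void {
    file_put_contents(SSO_STORE, json_encode($tokens), LOCK_EX);
}
function sso_key(): string {     // store key for the presented cookie; non-strings are rejected
    $c = $_COOKIE[SSO_COOKIE] ?? '';
    return hash('sha256', is_string($c) ? $c : '');
}
function sso_cookie(string $value, int $expires): void {
    setcookie(SSO_COOKIE, $value, [
        'expires' => $expires,
        'path' => '/',           // root path, so every sharing application receives it
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}
// $users maps user name => password_hash() output (supplied by the caller).
function pwcheck(array $users, string $user, string $pass): bool {
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}
function pwlogin(string $user): void {
    $token  = bin2hex(random_bytes(32));
    $tokens = sso_load();
    // Keep only a hash server-side, so a leaked store cannot be replayed as cookies.
    $tokens[hash('sha256', $token)] = ['user' => $user, 'exp' => time() + SSO_TTL];
    sso_save($tokens);
    sso_cookie($token, time() + SSO_TTL);
}
function pwtest(): ?array {
    $rec = sso_load()[sso_key()] ?? null;
    // The server-side expiry decides; the cookie's own expiry is under client control.
    return ($rec !== null && $rec['exp'] > time()) ? $rec : null;
}
function pwlogout(): void {
    $tokens = sso_load();
    unset($tokens[sso_key()]);
    sso_save($tokens);           // revoked token: pwtest() now fails in every application
    sso_cookie('', time() - 3600);
    if (session_status() === PHP_SESSION_ACTIVE) { session_destroy(); }
}
```

Each application would call `pwtest()` at the top of every page and fall back to its public view when it returns `null`.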
What applications are we serving with the system so far?
Our Staff Resources Front Page (where extra links are provided for staff who are logged in)
Our hotel room availability page (if you're not logged in, you just get a room status report and an invitation to book. When logged in, we can see details of room allocation right down to the staff member on duty being given a checklist of anticipated arrival times!)
Our new incident book system through which we report anything from breakages to notes of customer preferences between ourselves - the public facing pages are read only, and only show items we have chosen to mark "public".
Our wiki (sample page) that is extensively used for both internal and customer facing pages that change frequently.
Our traffic monitor (last 5 minutes) and most popular pages (last 24 hours) reports reveal more information to logged in staff.
And our security monitor page - when logged in suitably, certain team members can view the web cams. If not logged in, you'll see a display of some static photographs instead.