User login status

 
Greenhorn
Posts: 19
I have just been a web application developer for a year and a half now. My inexperience led me to have this question.

Normally, small and simple web applications with login set the user details in the session once the user has successfully logged in. Then, through a filter class, it checks the session on every request to find out if the session is authorized and valid. This ensures that without logging in, app users would not be able to access certain links. I noticed that some web apps have a table in the database where there is a field "userloginstatus" in the users table to indicate the state of the user if logged in or not. Seems kinda redundant and useless since the user is checked in the session anyway. Can anyone tell me what added security protection does this do?
 
Marshal
Posts: 28193
You seem to be assuming that keeping the user's logged-in status in the database is done for security purposes. This may be the case, and if so I have no idea what extra security is provided.

However, an application designer might choose to use the database for other reasons. For example, perhaps it's useful for an administrator to find out what users are logged in, and it's easier to do a database query instead of writing something to go through all of the server's sessions. Especially if there are multiple servers. That's just one reason and I'm sure there could be others.
 
Rancher
Posts: 989
Some do that as an attempt to stop users from logging in multiple times from different locations.
 
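An added example, not code from any poster in this thread: one way to build the multiple-login restriction mentioned in the last reply is to record the id of the user's current session rather than a logged-in boolean, so a session that ends without a logout cannot leave the account marked as logged in. The class and method names are hypothetical, and the in-memory map stands in for a column in the users table.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; names are hypothetical. The map stands in for a
// "current session id" column in the users table.
public class SingleSessionRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    // user name -> id of the one session currently allowed for that user
    private final Map<String, String> activeSession = new ConcurrentHashMap<>();

    // Call only after the credentials have been verified. The newest login
    // wins: the previous session id stops matching and is rejected from then on.
    public String login(String user) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        activeSession.put(user, sessionId);
        return sessionId;
    }

    // The extra check a per-request filter would make, in addition to
    // confirming that the HTTP session itself is valid.
    public boolean isCurrent(String user, String sessionId) {
        return user != null && sessionId != null
                && sessionId.equals(activeSession.get(user));
    }

    // Remove the entry only if this session still owns it, so a late logout
    // from a replaced session cannot end the newer one.
    public void logout(String user, String sessionId) {
        activeSession.remove(user, sessionId);
    }

    public static void main(String[] args) {
        SingleSessionRegistry reg = new SingleSessionRegistry();
        String laptop = reg.login("alice");   // constructed sample user
        String phone = reg.login("alice");    // second login from another location
        System.out.println("laptop current: " + reg.isCurrent("alice", laptop));
        System.out.println("phone current:  " + reg.isCurrent("alice", phone));
        reg.logout("alice", laptop);          // late logout from the replaced session
        System.out.println("phone current after late logout: " + reg.isCurrent("alice", phone));
        reg.logout("alice", phone);
        System.out.println("phone current after own logout:  " + reg.isCurrent("alice", phone));
    }
}
```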