posted 9 years ago
I have just been a web application developer for a year and a half now. My inexperience led me to have this question.
Normally, small and simple web applications with login set the user details in the session once the user has successfully logged in. Then, through a filter class, it checks the session on every request to find out if the session is authorized and valid. This ensures that without logging in, app users would not be able to access certain links. I noticed that some web apps have a table in the database where there is a field "userloginstatus" in the users table to indicate the state of the user if logged in or not. Seems kinda redundant and useless since the user is checked in the session anyway. Can anyone tell me what added security protection does this do?
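The per-request session check described in the post above, modelled as an added example (not code from the original poster or any particular framework). The user store, protected path prefixes and timeout are assumed values, and the access decision here is made only from the server-side session, with no database status column involved.

```python
import secrets
import time

SESSION_TTL = 1800  # assumed inactivity timeout, in seconds
PROTECTED_PREFIXES = ("/account", "/admin")  # hypothetical protected links
USERS = {"alice": "correct horse"}  # constructed demo user; real apps store password hashes
_sessions = {}  # session id -> {"user": ..., "last_seen": ...}


def login(username, password, now=None):
    """On successful login, store the user details in a new server-side session."""
    now = time.time() if now is None else now
    expected = USERS.get(username)
    if expected is None or not secrets.compare_digest(
        expected.encode(), password.encode()
    ):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    _sessions[sid] = {"user": username, "last_seen": now}
    return sid


def logout(sid):
    """Destroy the session so its id no longer authorizes anything."""
    _sessions.pop(sid, None)


def auth_filter(path, sid, now=None):
    """Run before every request; return (status, user)."""
    now = time.time() if now is None else now
    if not path.startswith(PROTECTED_PREFIXES):
        return 200, None  # public link, no session required
    session = _sessions.get(sid) if sid else None
    if session is None:
        return 302, None  # unknown or missing session: redirect to login
    if now - session["last_seen"] > SESSION_TTL:
        _sessions.pop(sid, None)  # expired session is removed, not reused
        return 302, None
    session["last_seen"] = now  # sliding expiry on each valid request
    return 200, session["user"]
```
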