Aqua Phoenix



 


3.4 Component / Behavior Model for User Authentication



Figure 8: Component / Behavior Model for User Authentication
 
Name: User Authentication
Defining Qualities:
  • Given a username and password, authenticate user
  • Provide a means for the user to be authenticated from page to page without re-entering username/password
  • Provide a means to log out after use
Behaviors:
Login
  • Upon login, check username and password against user table in database
  • If they match, enter the username and a timestamp into the 'login' table in the database
  • Then construct a cookie with the username and timestamp information
Authentication
  • After initial login, for every page requested, check cookie for username
  • If the username is found in the login table with a valid timestamp, send the page; otherwise, send the login page
Logout
  • At logout, remove login info from 'login' table in database; even if the user fakes a cookie, authentication will fail on server side
  • Reason for design choice: Generally, a level of security is chosen that best fits the purpose. For this purpose, secure sockets is too much, but passing the username between pages without backend authentication is too little security
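
The Login, Authentication and Logout behaviors above, sketched as an added example (not code from the original design document). Assumptions: the `username|timestamp` cookie format, the 30-minute `SESSION_LIFETIME`, salted PBKDF2 password storage, and the requirement that the cookie's timestamp equal the stored one are all choices made for this sketch.

```python
import hashlib, hmac, os, sqlite3, time

SESSION_LIFETIME = 1800  # assumed: seconds a 'login' row stays valid

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE login (username TEXT PRIMARY KEY, ts INTEGER)")
    return db

def add_user(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO user VALUES (?, ?, ?)",
               (username, salt, hash_pw(password, salt)))

def login(db, username, password, now=None):
    """Check the user table; on a match record the login and return the cookie."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT salt, pw FROM user WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_pw(password, row[0])):
        return None
    db.execute("INSERT OR REPLACE INTO login VALUES (?, ?)", (username, now))
    return f"{username}|{now}"

def authenticate(db, cookie, now=None):
    """Return the username if the cookie matches a live 'login' row, else None."""
    now = int(time.time()) if now is None else now
    username, _, ts = (cookie or "").rpartition("|")
    try:
        ts = int(ts)
    except ValueError:
        return None  # malformed cookie: caller sends the login page
    row = db.execute("SELECT ts FROM login WHERE username = ?",
                     (username,)).fetchone()
    if row is None or row[0] != ts or now - row[0] > SESSION_LIFETIME:
        return None
    return username

def logout(db, username):
    """Remove the server-side record so any retained or faked cookie fails."""
    db.execute("DELETE FROM login WHERE username = ?", (username,))

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "s3cret")  # constructed sample account
    cookie = login(db, "alice", "s3cret")
    print(authenticate(db, cookie))
    logout(db, "alice")
    print(authenticate(db, cookie))
```

A username and timestamp can be guessed while a session is live, so a hardened variant would store an unguessable random token in the 'login' table and compare that instead.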