Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
 Posted - 2005-10-22 : 15:32:19
|
| Hello,Am working on an frontend that allows users to log into a clients website.However, i need some advice here.We are debating if to use 1. The users username as the session variable (Which normally is the standard)2. Or to create a special table to log a user when he logs in.This table would have a unique value assigned to every new log in and monitor his IP and session variable, to ensure that the user does not log in twice.This table also would serve as a view to every other table which it woudl use to reference the user's ID as he browses through the siteWoudl this option 2: be efficient ? I need advice on this ?rgds Afrika |
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2005-10-22 : 15:54:59
|
it would. we use it and we have an app that has 4 different permission levels for each user-role.every user has a user-role.Go with the flow & have fun! Else fight the flow  |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2005-10-23 : 00:45:39
|
"create a special table to log a user when he logs in"That's what we do too.Apart from the permissions thingie consider what you might want to report on. The things our "logging table" is used to assist with includes:- Hack attempts
- People who have trouble logging in (mostly to answer "How many had trouble?" - the ones who ask for help are known, the ones who "go away" aren't!)
- Users who have cookies / JavaScript / etc. turned off
Kristen |
|
|
|
activecrypt
Posting Yak Master
165 Posts |
Posted - 2005-10-23 : 03:22:06
|
| HI,we do have a UserMaster , UserRights(functionality),UserLogs(capture username,hostname,date&time of login)....http://www.activecrypt.com |
|
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2005-10-23 : 08:32:18
|
| Thanks everyone,Yes i have known about activecrypt for many years, but we currently are running on a dedicated win platform but a shared MS SQL hosting, and hope to move to a dedicated db server as we scale. So for now we cant use activecrypt, which we were told runs as a function.I also learnt that as a draw back it affects perfomance.Thanks once again SPirit1 and Kristen for the advice.We do have a permission level already in place and log every user login as well as login failure and use the servervaraibles to log what type of browser, cookies etcThanks once again.Really really nice adviceAfrika |
|
|
|
|
|
|
|
|
Advice: On a unique login