lib/Login.pm

Procedure Model

Type:    (  )Web Page              (  )CGI Script              (X)Shared Library      (  )System API

Name: lib/Login.pm

Assigned to:

Reference:

Description

This module manages login sessions for the system. Its public methods are called by CGI scripts to determine if the user is properly authenticated on the system and has currently valid credentials.

The Constructor assumes that the user has been authenticated by the login.cgi script. As such, it accepts the call to create the session token, but does no additional checks on the authenticity of the user.

Implementation Skills

Perl, SQL, MySQL

Parameter List

Username, access_level

Called By:

user/login.cgi
user/upgrade.cgi
user/myacct.cgi
user/quota.cgi
user/passwd.cgi
user/forward.cgi
user/history.cgi
user/filter.cgi

Can Call:

Http_Sessions database.

Function Description

HTTP_Sessions database Sessions table:

+-------------+---------------+------+-----+---------+-------+
| Field       | Type          | Null | Key | Default | Extra |
+-------------+---------------+------+-----+---------+-------+
| User_Name   | varchar(20)   |      | PRI |         |       |
| Session_Tok | varchar(32)   |      |     |         |       |
| Access_Level| int           |      |     | 0       |       |
| TimeStamp   | timestamp(14) | YES  |     | NULL    |       |
+-------------+---------------+------+-----+---------+-------+

Constructor(UserName, Access_Level) method:

  1. Take the username and access_level from the parameter list passed to the function.
  2. Open the sessions database and delete any previous entry for this same username.
  3. Create a session token by MD5 base64 encoding the current timestamp.
  4. Insert a new record into the Sessions table with this User_Name, Session_Token, and Access_Level.
  5. Populate and return a Login object with the User_Name, Session_Token and Access_Level. This object is then used by the calling program to send a Login cookie back to the user’s browser using the format: “<username>:<access_level>:<session_token>”.

getLogin() method:

  1. Get a reference to the CGI query object and extract the Login cookie from this object.
  2. If no cookie exists, return a null Login object. Otherwise, split the Login cookie using the colons into its username, access_level and session_token values.
  3. Query the Sessions table for a matching token and if one exists populate a new Login object with the values from the database. Otherwise, return a null Login object.

getUserName(Login) method:

  1. Using the Login object passed as a parameter, return the Username string property of the object.

getAccessLevel(Login) method:

  1. Using the Login object passed as a parameter, return the Access_Level integer property of the object.

destroy(UserName) method:

  1. Delete any record in the Sessions table with this UserName and nullify any cookie stored on the browser by returning a new Login cookie with an empty string for its value.

Possible Exit Conditions and Return Values

A Login object with undefined properties indicates that the system failed to find any credentials for this user. This test is usually performed by using the getLogin() method to get a Login object and then calling the getUserName(Login) method with the Login object returned by the getLogin method. If the getUserName method returns an undefined value, then the credentials do not exist or there is a system problem.

Note that this class does not test the age of a set of credentials, although such a test can be included by having the getLogin method check the age of the session token against the timestamp value in the Sessions table.
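Step 3 of the Constructor derives the session token from the clock alone, so the token is a fixed function of the login time, and the note above leaves the age test optional. The Perl sketch below is an added example, not the project's Login.pm: it draws the token from /dev/urandom and adds the age test to getLogin. The %sessions hash stands in for the Sessions table, and MAX_AGE, the sub names, the Unix-like host and the sample values are assumptions.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);

use constant MAX_AGE => 1800;    # assumed session lifetime in seconds
my %sessions;                    # stand-in for the Sessions table, keyed by User_Name

# Constructor step 3 as written: the token depends only on the timestamp.
sub token_from_timestamp { return md5_base64($_[0]) }

# Alternative: 16 bytes from the kernel CSPRNG, hex-encoded to fit varchar(32).
sub token_from_urandom {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $n = read($fh, my $buf, 16);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack('H*', $buf);
}

sub new_session {
    my ($user, $level, $now) = @_;
    delete $sessions{$user};     # step 2: drop any previous entry
    my $tok = token_from_urandom();
    $sessions{$user} = { tok => $tok, level => $level, ts => $now };
    return "$user:$level:$tok";  # cookie format from step 5
}

# getLogin with the age test; returns undef (a null Login) on any failure.
sub get_login {
    my ($cookie, $now) = @_;
    return unless defined $cookie;
    my ($user, $level, $tok) = split /:/, $cookie, 3;
    return unless defined $tok && length $tok;
    my $row = $sessions{$user} or return;
    return unless $row->{tok} eq $tok;
    if ($now - $row->{ts} > MAX_AGE) { delete $sessions{$user}; return }
    # Values come from the stored row, never from the cookie's own fields.
    return { user => $user, level => $row->{level} };
}

# Constructed sample values: a login at t=1000 and a cookie edited on the client.
my $cookie = new_session('alice', 1, 1000);
(my $edited = $cookie) =~ s/^alice:1:/alice:9:/;
printf "timestamp tokens repeat: %s\n", token_from_timestamp(1000) eq token_from_timestamp(1000) ? 'yes' : 'no';
printf "cookie level honoured:   %s\n", get_login($edited, 1010)->{level} == 9 ? 'yes' : 'no';
printf "expired cookie accepted: %s\n", defined(get_login($cookie, 1000 + MAX_AGE + 1)) ? 'yes' : 'no';
```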

Sign Off by:

Project Manager.