Open GoogleCodeExporter opened 9 years ago
Here's what I'm thinking now:
Instead of issuing a second password, we generate and store a random value in
the database in the user's row and put this same value in a cookie. Every time
the user logs in, a new value is generated.
This plan gives several great benefits:
+ eliminate the possibility of a passcode being taken and used for bad
+ the Greasemonkey script won't have to ask for the user's UID, just their
username/password if there's no cookie containing this information
+ logging in somewhere else automatically causes the old cookie to no longer be
valid - good for multiple users sharing a computer
Original comment by jmh9072 on 22 Dec 2010 at 8:24
Sounds good to me. For the random value, we could just use the PHP Session ID,
which is only set (I think, if I remember correctly) if the user is logged in.
Doesn't have any relation to the password. Effectively use cross-site requests
to ustalk in order to log that they're there. This saves a lot of database
traffic, and accomplishes roughly the same thing.
Automatically having a new login expire old logins is something I've wanted to
do before, but for people like myself who have multiple computers they use
simultaneously it would be annoying as they can only use ustalk from one at a
time then. People should really just remember to log out or set up multiple
accounts on computers. I think the web browser cookies are a bad place to
manage this. We could make a button to "disable all other of my current
logins", which might be useful (it's what Gmail does), although then we get
back to having to store sessions in the database. Might be useful to store them
in the database for more stats to play with though...
Original comment by Firebird347 on 22 Dec 2010 at 10:04
Original issue reported on code.google.com by jmh9072 on 13 Sep 2010 at 7:22
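
The per-login random value proposed in the first comment, sketched in PHP as an added example (not ustalk code and not written by either commenter). It shows why a second login invalidates the first cookie, which is the behaviour the reply discusses. Assumptions: the `$users` array stands in for the users table, the `token_hash` column and all function names are hypothetical, and the row stores a SHA-256 of the value rather than the value itself, a hardening choice the thread does not mention.

```php
<?php
declare(strict_types=1);

// Stand-in for the users table (constructed sample data). The
// 'token_hash' column is hypothetical; the thread only says
// "a random value in the user's row".
$users = ['alice' => ['token_hash' => null]];

// Call only after the username/password check has succeeded.
// Generates a fresh value, stores its hash in the row, and returns
// the raw value for the cookie. Overwriting the single column is
// what makes the cookie from any earlier login stop verifying.
function issueLoginToken(array &$users, string $username): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$username]['token_hash'] = hash('sha256', $token);
    return $token;
}

// Compares the value presented in the cookie with the stored hash.
function verifyLoginToken(array $users, string $username, string $cookieValue): bool
{
    $stored = $users[$username]['token_hash'] ?? null;
    if ($stored === null) {
        return false; // unknown user, never logged in, or logged out
    }
    // hash_equals() runs in constant time, so response timing does
    // not reveal how many leading characters matched.
    return hash_equals($stored, hash('sha256', $cookieValue));
}

// Logout clears the column, so the cookie is dead on the server
// even if the browser keeps sending it.
function revokeLoginToken(array &$users, string $username): void
{
    if (isset($users[$username])) {
        $users[$username]['token_hash'] = null;
    }
}

// Walk through the two-computer case raised in the reply.
$laptop = issueLoginToken($users, 'alice');
var_dump(verifyLoginToken($users, 'alice', $laptop));  // check the first cookie
$desktop = issueLoginToken($users, 'alice');           // login from a second computer
var_dump(verifyLoginToken($users, 'alice', $laptop));  // re-check the first cookie
var_dump(verifyLoginToken($users, 'alice', $desktop)); // check the second cookie
revokeLoginToken($users, 'alice');                     // explicit logout
var_dump(verifyLoginToken($users, 'alice', $desktop)); // re-check after logout
```

Supporting several simultaneous logins, as the reply wants, would mean one row per login in a separate table instead of a single column on the user row.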