Wed, 30 May 2007

2:10 PM - Last Login on Just Journal

One thing that has always bothered me about Just Journal is the lack of a last login date stamp.  It is impossible to know if someone has broken into your account without some record of logins.  I can look at some logs and determine roughly where people login from but there is absolutely no login accounting.   I also don't know how many users are actually logging into the site after their accounts were created. 

Today I'm working on a new feature to display the last login information to the client.  The first iteration had a function called setLastLogin in the WebLogin class used to do all authentications.  The problem with this approach is that if I call setLastLogin in a login function then the last login was right then.  It serves my auditing purposes, but is useless for end users to detect stolen login sessions.  My second approach called the method inside of the LoginAccount class.  This class handles all current login activity except logins from the update or comment pages.  I still need to handle them separately.  I had to call the method in two different locations as to support the web client (this site) and the Windows .NET and Java clients.  A better solution would be to store the lastlogin in some sort of authenticated user class that I can serialize in the session.  Rewriting the entire login system isn't something I want to do right now. 

The feature isn't live yet, but I have a good share of the code and the database schema changes done.  There are much more interesting features, but many of them require a lot of time which I don't have while taking two spring classes.   I'm totally confused about implementing tagging.  At first I was certain I wanted global tags that everyone could see.  The advantage would be easy searches and a list of popular tags.  (i forget what they call that..)  Tagging is the most obvious Web 2.0 feature I'm missing.  Also due to design defects, I can't easily add search so tags would at least help sort entries.  I've got 4 years worth on here.  As far as searching is concerned, I do have one idea how to implement it.  It won't be good, but it will be something.

0 comments