Crucible: New Territory

Thanks to the folks at Creative Eyes, I have a new System Preferences applet that can start and stop the MySQL database engine very easily. MySQL either doesn’t have one of their own or it’s buggy.

Now that MySQL is up and running, I can get back to what I was working on before the Ruby/C binding interruption, although I still haven’t tried that yet with the new laptop. Maybe later this week.

I’ve decided to work on the core of the Crucible system: user and session management.

Knowing what I know about the version of phpBB that I use for the Barscape forum, each time a user logs on, they are assigned a random 64-bit number for their session identifier. Every subsequent interaction with the forum updates a session database with information as to where they are in the system and when they requested a page. Here are some limitations that I want to get around:

  • if a user is inactive for more than 5 minutes, the system thinks that they are now off-line
  • if you log in to the system from more than one tab in a multi-tab browser, only one login session is registered

The first limitation is annoying because it is a hack to enable a half-assed auto-logout feature. Some people don’t log out to kill their sessions. They just let them hang. If the system did not work this way, then people would be marked as online when they weren’t. On the other hand, they aren’t actually logged off, which means that if someone in an Internet cafe did this, the next person coming along could just use their still-open session.

The second limitation I find particularly annoying because there are times that I want to do two different things on the site at the same time. So, I use multiple tabs. However, as there is only support for one login, the second session clobbers the first.

There is another side effect to this: personas. At Barscape, some users have multiple accounts so that they can take on multiple role-playing personas. From an administration point of view, this is difficult to maintain. Not for the current users, who are civil, but from the point of view of having to support the general on-line populace, a lot of whom are trollish. Allowing multiple accounts per user makes banning a very difficult proposition. If you ban the primary account, the user could then use an auxiliary account to wreak havoc in the system.

Tying multiple personas to individual accounts would alleviate this administration headache, but without multiple login support these personas could not be used simultaneously.

Here is how I want the user/session system to work:

  1. Users that log in to the system get a unique and random 64-bit session key.
  2. Each login creates a new session. Session keys are tied to individual browser/tab views.
  3. During a session, a user can select which persona is active. This can be done on a session basis or a per-post basis.
  4. Users who interact with the system also have their session information updated.
  5. Every 4½ minutes, or 30 seconds before some account timeout triggers, a “ping” is sent to the server to tell the session manager that the user’s browser tab is still active. (People read/write fiction at Barscape. Reading and writing takes time.)
  6. User session states will have three states: offline, online and inactive.
  7. Sessions can be active, stale or expired:
    • Active sessions are those in which a user is interacting with the system
    • Stale sessions are those in which a user has successfully “pinged” the system 3 times.
    • Expired sessions are those in which there are no interactions and no pinging taking place.
  8. Stale sessions will require the user to re-enter their password to continue.
  9. Expired sessions will require a re-login.
  10. Users will be able to “lock” their sessions, requiring them to re-enter their password to continue.
  11. Crucible will feature an invitation-only system in lieu of open registrations. Anyone who wants to join can submit a request if they don’t know anyone.
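
A sketch of the session states in the list above, added here as an example and not Crucible's code. The class and method names, the 300-second timeout (inferred from a ping every 4½ minutes, 30 seconds before the timeout) and the choice to treat a locked session as stale are assumptions; keys come from Ruby's `SecureRandom` so that they cannot be predicted.

```ruby
require "securerandom"

# Constructed sketch of the session life cycle listed above (not Crucible code).
# TIMEOUT is an assumption: a ping every 270 s, 30 s before the timeout fires.
class Session
  TIMEOUT     = 300 # seconds without any contact before the session expires
  STALE_PINGS = 3   # pings in a row with no real interaction

  attr_reader :key, :user
  attr_accessor :persona # the active persona can be switched per session

  def initialize(user, persona, now)
    @user, @persona = user, persona
    @key = SecureRandom.hex(8) # 64 bits from the OS CSPRNG, one per login/tab
    @last_seen, @pings, @locked = now, 0, false
  end

  def state(now)
    return :expired if now - @last_seen > TIMEOUT
    return :stale   if @locked || @pings >= STALE_PINGS # assumption: locked == stale
    :active
  end

  # Heartbeat from the browser tab: keeps the session alive, counts toward stale.
  def ping(now)
    return :expired if state(now) == :expired
    @last_seen = now
    @pings += 1
    state(now)
  end

  # A real page request. Stale or expired sessions are refused, not refreshed.
  def interact(now)
    current = state(now)
    return current unless current == :active
    @last_seen, @pings = now, 0
    :active
  end

  def lock
    @locked = true
  end

  # password_ok is the result of a password check done elsewhere (hypothetical).
  def unlock(password_ok, now)
    return state(now) if !password_ok || state(now) == :expired
    @locked = false
    @last_seen, @pings = now, 0
    :active
  end
end
```

Each tab that logs in gets its own `Session`, so two tabs for the same user hold different keys and do not clobber each other.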
