Login Algorithm

Notation: H is a one-way hash, Q[U] is the stored password hash for user U, C is a random session cookie (the server keeps only H(C)), and E[C] is that cookie's expiration time. In each exchange below, the Server column is on the left, the Client column on the right, and the arrows show the direction of each message.

To set the password

Server                                  Client
                                  <---- user logs in:
                                          • username U
                                          • old password O
                                          • new password P
                                          • new password P2 (retyped to confirm)
authenticate user:
  • Q[U] == H(O) or try again
P == P2 or try again
clear all [H(C), U, E[C]] for user U
set new password:
  • store Q[U] = H(P)
set new cookie:
  • compute cookie C = random
  • compute expiration E[C]
  • store H(C), U, E[C]
U, C                              ----> store U, C

To log in

Server                                  Client
                                  <---- user logs in:
                                          • username U
                                          • password P
authenticate user:
  • Q[U] == H(P) or try again
set new cookie:
  • compute cookie C = random
  • compute expiration E[C]
  • store H(C), U, E[C]
U, C                              ----> store U, C

When already logged in

Server                                  Client
                                  <---- user connects:
                                          • username U
                                          • cookie C
confirm cookie validity:
  • look up U[C], E[C] stored under H(C)
  • U == U[C] or log out
  • E[C] >= now or log out
clear H(C)
set new cookie:
  • compute cookie C = random
  • use the same E[C]
  • store H(C), U, E[C]
U, C                              ----> store U, C

To log out

clear C on client and H(C) on server.
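The server side of all four flows above, as an added example that is not part of the original page or the project's code. It keeps the page's structure (hashed passwords in Q[U], only H(C) stored per session, cookie rotated on every connection with the same E[C], all sessions dropped on a password change) and assumes a fixed cookie lifetime TTL, a bootstrap create_user step, and a salted PBKDF2 in place of the page's bare H(P) for passwords; those three are assumptions, not the page's own.

```python
import hashlib, hmac, os, secrets, time

class AuthServer:
    """Server side of the protocol above. Q: U -> (salt, hash of P);
    sessions: H(C) -> (U, E[C]). Constructed example, not the page's code."""
    TTL = 3600  # cookie lifetime in seconds; the page leaves E[C] policy open

    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry can be exercised
        self.Q, self.sessions = {}, {}

    @staticmethod
    def _hash_pw(P, salt):  # the page's H(P), done as salted PBKDF2 (assumption)
        return hashlib.pbkdf2_hmac("sha256", P.encode(), salt, 100_000)

    @staticmethod
    def _h(C):  # H(C): only the cookie's hash is ever stored
        return hashlib.sha256(C.encode()).hexdigest()

    def _auth(self, U, P):  # "Q[U] == H(P)", compared in constant time
        rec = self.Q.get(U)
        return rec is not None and hmac.compare_digest(
            rec[1], self._hash_pw(P, rec[0]))

    def _new_cookie(self, U, E):  # C = random; store H(C), U, E[C]
        C = secrets.token_urlsafe(32)
        self.sessions[self._h(C)] = (U, E)
        return U, C  # what the server sends back for the client to store

    def create_user(self, U, P):  # bootstrap step assumed; not on the page
        salt = os.urandom(16)
        self.Q[U] = (salt, self._hash_pw(P, salt))

    def set_password(self, U, O, P, P2):
        if not self._auth(U, O) or P != P2:
            return None  # "try again"
        # clear all [H(C), U, E[C]] for user U: every existing session dies
        self.sessions = {h: v for h, v in self.sessions.items() if v[0] != U}
        self.create_user(U, P)  # store Q[U] = H(P), with a fresh salt
        return self._new_cookie(U, self.now() + self.TTL)

    def login(self, U, P):
        return self._new_cookie(U, self.now() + self.TTL) if self._auth(U, P) else None

    def connect(self, U, C):  # "when already logged in"
        rec = self.sessions.pop(self._h(C), None)  # clear H(C) on every use
        if rec is None or rec[0] != U or rec[1] < self.now():
            return None  # unknown cookie, wrong user or expired: log out
        return self._new_cookie(U, rec[1])  # rotate C, keep the same E[C]

    def logout(self, C):
        self.sessions.pop(self._h(C), None)
```

Because the old H(C) is removed before the new one is issued, a cookie that is replayed after rotation is rejected, which is how the server notices a stolen-and-reused cookie.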
