
Authentication and Sessions

Page 2.3.1: User Accounts

Introduction

User accounts provide personalized access to the Inventory Management System, enabling individual tracking, permissions, and a tailored experience. Understanding how user accounts work is essential for both users and administrators.

Account Creation Methods

  • Self-Enrollment

    • Users can create their own accounts if user enrollment is enabled.
    • Access the "Sign Up" or "Register" link on the login page.
  • Administrator-Created Accounts

    • Administrators can create accounts and assign roles directly.

User Roles and Permissions

  • Administrator

    • Full access to all features and settings.
    • Can manage users and system configurations.
  • Standard User

    • Access to inventory management functions.
    • Limited access to administrative features.
  • Custom Roles

    • Administrators may define custom roles with specific permissions.

Managing Your Account

  • Profile Information

    • Update your name, email, and other personal details in "Account Settings".
  • Changing Passwords

    • Navigate to "Account Settings" and select "Change Password".
    • Enter your current password and the new password.
  • Account Security

    • Enable two-factor authentication if available.
    • Regularly update your password and review login activity.

Password Policies

  • Complexity Requirements

    • Minimum length (e.g., 8 characters).
    • Must include uppercase and lowercase letters, numbers, and special characters.
  • Expiration

    • Passwords may be set to expire periodically, requiring users to create a new one.
  • Reuse Prevention

    • The system may prevent the reuse of recent passwords.
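
The policy above can be enforced at the password-change step as in the following added example, which is not the Inventory Management System's own code. The 8-character minimum is the page's example value; the history depth of 5, the PBKDF2 parameters and all function names are assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8       # the page's example minimum
HISTORY_DEPTH = 5    # assumed: the page only says "recent passwords"


def complexity_errors(password):
    """Return the complexity rules the candidate password fails."""
    checks = [
        (len(password) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "an uppercase letter"),
        (any(c.islower() for c in password), "a lowercase letter"),
        (any(c.isdigit() for c in password), "a number"),
        (any(c in string.punctuation for c in password), "a special character"),
    ]
    return [rule for ok, rule in checks if not ok]


def _digest(password, salt):
    # Salted, slow hash so the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordHistory:
    """Keeps salted digests of the last HISTORY_DEPTH passwords of one user."""

    def __init__(self):
        self._entries = []  # (salt, digest), newest last

    def is_reused(self, password):
        return any(hmac.compare_digest(_digest(password, salt), stored)
                   for salt, stored in self._entries)

    def change(self, password):
        """Return [] and record the password, or the list of failed rules."""
        errors = complexity_errors(password)
        if self.is_reused(password):
            errors.append("not one of your recent passwords")
        if errors:
            return errors
        salt = os.urandom(16)
        self._entries.append((salt, _digest(password, salt)))
        del self._entries[:-HISTORY_DEPTH]  # forget anything older
        return []
```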

Account Recovery

  • Forgot Password

    • Click "Forgot Password" on the login page.
    • Enter your email address or username to receive reset instructions.
  • Security Questions

    • Some systems may use security questions for identity verification.

Privacy

  • Data Protection

    • Your personal data is stored securely and used in accordance with the system's privacy policy.
  • Activity Logging

    • The system logs user actions for auditing purposes.

Page 2.3.2: Logging In

Introduction

Logging in authenticates your identity and grants you access to the system's features based on your permissions.

Steps to Log In

  1. Access the Login Page

    • Navigate to the system's URL: http://127.0.0.1:8080/login
    • Alternatively, click "Login" if you're on the main page.
  2. Enter Your Credentials

    • Username or Email: Input your username or email address associated with your account.
    • Password: Enter your password.
  3. Optional: Remember Me

    • Check the "Remember Me" box to stay logged in on this device.
    • Note: Use this feature only on personal devices.
  4. Click "Login"

    • Press the "Login" button to proceed.
  5. Successful Login

    • You will be redirected to your dashboard or the main interface.

First-Time Login

  • Password Change Prompt

    • If an administrator created your account with a temporary password, you may be required to change it upon first login.
  • Accept Terms and Conditions

    • You might need to accept the system's terms of service or privacy policy.

Failed Login Attempts

  • Incorrect Credentials

    • Double-check your username and password for accuracy.
    • Passwords are case-sensitive.
  • Account Locked

    • After multiple failed attempts, your account may be temporarily locked.
    • Wait for the lockout period to expire or contact an administrator.
  • Forgot Password

    • Use the "Forgot Password" link to reset your password.

Two-Factor Authentication (2FA)

  • Setup

    • If enabled, set up 2FA using an authenticator app or SMS.
  • Login Process with 2FA

    • After entering your credentials, you'll be prompted to enter a verification code.

Page 2.3.3: Session Management

Introduction

Session management is crucial for maintaining security and ensuring a smooth user experience. It involves handling how users are authenticated and how their interactions with the system are maintained over time.

How Sessions Work

  • Session Creation

    • A session is created when you log in; the server issues a session identifier that links your browser's subsequent requests to your authenticated account.
  • Session Cookies

    • The system uses cookies to store session identifiers.
    • Cookies are flagged as Secure and HttpOnly to enhance security.

Session Security Features

  • Session Expiration

    • Sessions expire after a period of inactivity (e.g., 30 minutes).
    • You will need to log in again if your session has expired.
  • Concurrent Sessions

    • The system may limit the number of concurrent sessions per user.
    • Logging in from a new device may log you out from another.
  • Session Termination

    • Logging out ends your session and invalidates the session cookie.
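
The behaviour described under "How Sessions Work" and "Session Security Features" can be sketched server-side as in the following added example, which is not the Inventory Management System's own code. The 30-minute idle timeout is the page's example value; the limit of one session per user, the cookie name `session` and all class and function names are assumptions.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 30 * 60   # seconds; the page's example of 30 minutes
MAX_SESSIONS = 1         # assumed: the page only says a limit may exist


class SessionStore:
    """In-memory session table keyed by an unguessable identifier."""

    def __init__(self):
        self._sessions = {}  # sid -> {"user": str, "last_seen": number}

    def create(self, user, now):
        # Concurrent-session limit: evict this user's least recently used
        # sessions, so a login from a new device logs the old one out.
        mine = sorted((s["last_seen"], sid)
                      for sid, s in self._sessions.items() if s["user"] == user)
        while len(mine) >= MAX_SESSIONS:
            self._sessions.pop(mine.pop(0)[1])
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, or None if unknown or expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]        # idle expiry: user must log in again
            return None
        session["last_seen"] = now         # activity resets the idle timer
        return session["user"]

    def logout(self, sid):
        # Invalidate server-side so a copied cookie stops working too.
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Build the Set-Cookie value with the Secure and HttpOnly attributes."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()
```

Timestamps are passed in as `now` so that expiry can be exercised without waiting; a real handler would pass `time.time()`.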

Best Practices

  • Log Out After Use

    • Always log out, especially when using shared or public devices.
  • Avoid Public Networks

    • Be cautious when accessing the system over unsecured Wi-Fi networks.
  • Do Not Share Sessions

    • Do not share your login credentials or session cookies with others.

Managing Active Sessions

  • View Active Sessions

    • Some systems allow you to view and manage your active sessions from your account settings.
  • Terminate Sessions

    • You can log out of other devices by terminating active sessions.

Session Issues

  • Unexpected Logout

    • If you are logged out unexpectedly, it may be due to session expiration or network issues.
    • Log in again to resume your work.
  • Session Hijacking Protection

    • The system monitors for suspicious activity and may invalidate sessions if anomalies are detected.