This a minimalistic implementation ~200 LOC of a time clock as described in my blog.
I would appreciate a review since this is my first foray into the world of Web sessions and a time/attendance system.
I decided upon PHP $_SESSION
since that might be the most mature and easy to
implement.
I was naively hoping that PHP's $_SESSION
would manage the entire record, but
as I began to understand it, I now view it as a very simple UX tool to ensure
the user doesn't inadvertently re-login from "/". That's it!
If a user is already logged in another device. What happens to the session? Can they be combined? Can the first session prevent a new session with the same credentials from being created?
Can the session be used to "clock out" the user after say a time out?
That the identity number is secret. I know I display on the index page, but this is for debugging. I wanted to avoid passwords for this prototype. In future I will make the "clock out" action that's not done by a user, a privileged protected action.