Revisiting legacy myUMBC session management

Now that we’ve entered the brave new world of SSN remediation, it’s time to think about taking another step with myUMBC: We should stop using HP-ID as the primary key for legacy session management, and use UMBC Campus ID instead. Here’s why…

All of our web proxy channels which use the old portal as a back end, rely on the legacy code for session management and authentication. These channels, by design, often contain content above and beyond stuff that involves SIS. However, they rely on the SIS database, and the presence of an HP-ID, to work. Only a subset of people at UMBC have HP-IDs (at last count, there were 280,645 people in our directory, of which 274,244 had HP-IDs). People without HP-IDs have issues rendering these channels and taking full advantage of the portal. To get around this, I generate “bogus” HP-IDs for these folks to use as a primary key in the session management table. That makes things “sort of” work for them, but there are still problems — for one, the link ACL stuff in the legacy portal doesn’t fully work because it does LDAP queries against the HP-ID.

How do we address this? Well, the ultimate answer is to stop using HP-IDs as the primary key, and switch to campus IDs. On the surface, this seems easy. However, it’s actually a huge can of worms, because of sloppy development in the past. Rather than doing any code-sharing back then, our developers all wrote (or cut-and-pasted) their own code to manipulate the session table. As a result, we have 5,000 (slight exaggeration) apps that will each need to be updated to the new scheme. We’re paying now for cutting corners then.

I guess I should look at this as an opportunity to clean up some of this old code and get all the apps using a single library. But, that takes time, which means that this won’t be happening right away. In the meantime, I guess we’ll continue to limp along and deal with the no-HP-ID users as best we can.