Login/logout use case [closed]

Closed. This question is opinion-based. It is not currently accepting answers.

---

Want to improve this question? Update the question so it can be answered with facts and citations by editing t开发者_开发百科his post.

Closed 6 years ago.

Improve this question

Suddenly I've been in need of making an use case and I've stumped over a dilemma with the login/logout.

A co-worker tells me that they should be a use case by themselves like:

[login, admin stuff, logout]

But my brain yells at me that login should be an include of the use cases that needs a login while logout should be an extend of login.

[admin stuff -include> login -extends> logout]

So, which one?

---

Models are rarely right or wrong in absolute terms; they are simply more or less useful for a given purpose. Use cases are models of actions that users of your system are supposed to carry out. From your (too brief) description, I'd probably model Login and Logout as two separate, independent use cases.

Why would you extend one from the other? What is the commonality that they would share from your viewpoint?

---

Use cases are a way to describe the goals of an actor (user/other system/...), which are achieved through interaction with the system under design.

This leads most people to exclude authentication (login/logout) from use cases, because administrators don't use systems in order to login, but to administer the system.

However, I tend to argue, that it is a goal of an administrator to be identified by the system in order to prevent misuse. This is a fairly low level use case and you should decide yourself if including it provides any value.

As to the relations between use cases, it seems you are a bit confused by them. Admin stuff includes login means, that whenever an administrator uses the system for administration, he wants the system to log him in. This seems valid, but you should probably make a difference between 'logging in' and 'authentication' - the administrator doesn't have to log in with username and password every time he uses the system, but the system has to authenticate - validate users identity (e.g. by username and login, but afterwards using cookie). So I would be careful with naming here. Admin stuff extends logout means, that when an administrator uses the system to logout, in some scenarios (situations) it might happen, that he would also use the system to administer stuff. This obviously makes no sense. If you turn it the other way around - logout extends the admin stuff, it would be more reasonable, yet it is for yo uto decide, if logout is really what administrators are using the system for.

Hope you now understand use cases better and that you are able to make a good decision by yourself, good luck!