I have been asked to implement a file upload program. The program is a Java Web Start application responsible for uploading the contents of a CD to a web application. There are two requirements here:

  1. The uploader should operate in the background with minimal interaction (No rich GUI).
  2. Users may not want to watch the file being uploaded. The user should be able to log out from the system while the uploader is still running. The uploader must continue even if the user logs out.

My gut feel is that #2 is insecure at best and impossible at worst. Basically, to implement such a use case you would need to create a new session id for the uploader, independent of the original session, and without the user's password.

Has anyone had a similar use case? If so, what approach did you take?

+1  A: 

I'm not sure why this is complicated even if a user logs out.

Session is started at login, session id assigned.

User begins uploading file with session id information in filename. e.g. session_id_user_name.DAT

User Logs out

File is complete, background process on host identifies information based on session ID, moves file to location.

User Logs back in later

File is recognized and tied to account.

Security is not an issue since the file stream is still in progress since it was started. Session information could be serialized and deserialized once user has logged back in. In any case the file stream could run completely unattended.

Perhaps I've oversimplified this but it seems straightforward.

Mech Software
For our upload process we are streaming the contents of a CD.... which is many files (a server side round trip for each). So each new upload needs a valid session.
jordan002
Is there a reason we're tying this to a session and not a user ID? You should be able to easily append user_id information or even a specific upload folder for that user_id. Session information to me seems unnecessary completely. Once a user logs back in, they can review the list of files and accept or deny the uploads. If security is the issue, the program doing the uploading could obtain a token when the first upload starts. Tokens could be tied then to user account properties.
Mech Software
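The token idea from the comment above, sketched as an added example that is not code from any poster in this thread: an upload-only token is issued while the user is still logged in, bound to the user id and one upload batch with an expiry, and each per-file request is checked against it instead of the login session. The class name `UploadToken`, the `|`-separated payload layout and the sample ids are assumptions for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

// Hypothetical helper (not from the thread): upload-only token bound to user id + batch.
// Assumes ids never contain '|'.
public final class UploadToken {
    private final SecretKeySpec key;
    public UploadToken(byte[] serverSecret) { key = new SecretKeySpec(serverSecret, "HmacSHA256"); }
    // Issued while the user is still logged in, when the first upload starts.
    public String issue(String userId, String batchId, Instant expires) throws Exception {
        String payload = userId + "|" + batchId + "|" + expires.getEpochSecond();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(sign(payload));
    }
    // Returns the user id if authentic, unexpired and for this batch; otherwise null.
    public String verify(String token, String batchId, Instant now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        String payload; byte[] sig;
        try {
            payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            sig = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { return null; }
        if (!MessageDigest.isEqual(sign(payload), sig)) return null; // constant-time compare
        String[] f = payload.split("\\|");
        if (f.length != 3 || !f[1].equals(batchId)) return null;     // token is for another batch
        if (now.getEpochSecond() >= Long.parseLong(f[2])) return null; // expired
        return f[0];
    }
    private byte[] sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real secret comes from server configuration.
        UploadToken t = new UploadToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        Instant now = Instant.parse("2024-01-01T00:00:00Z");
        String tok = t.issue("user42", "cd-0001", now.plusSeconds(3600));
        System.out.println(t.verify(tok, "cd-0001", now));                   // same batch, in time
        System.out.println(t.verify(tok, "cd-0002", now));                   // different batch
        System.out.println(t.verify(tok, "cd-0001", now.plusSeconds(7200))); // after expiry
    }
}
```

Because the token authorizes only uploads into one batch for a limited time, invalidating the login session on logout does not interrupt the transfer, and a leaked token cannot be used as a general session.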
+1  A: 

From a user's POV I can't see #2 ever being relevant. A user thinks if they "log out" then any current operations would be canceled, they would then very likely turn their computer off - in which case there is no way your transfer will keep going. Just let them minimize the interface to a small icon on the bottom right (man having a brain fart can't think of what they are called) of the taskbar in Windows.

Gandalf
Doesn't logging out invalidate the current session? (Using Spring security)
jordan002
It depends on how you implement it - generally yes. But he never said anything about Spring Security.
Gandalf