Consider the following two users:

Nickname: larry
Password: foobar
email: larry.berkowitz@seventiescop.org

Nickname: geoff
Password: foobar
email: geoff.geek@hacker.net

The equals method would return true because their
passwords are the same, when quite clearly they are two
separate users.
Logged In: YES
user_id=104837
Is this a problem?
equals() is used in two circumstances:
1. when comparing whether passwords are equal between a user
trying to log in under a particular nickname, and the
version of that user object stored in the database (i.e.
once we know the nickname, do the passwords match?)
2. when comparing whether passwords are equal between a
cookie showing a particular userID, and the version of that
user object stored in the database (i.e. once we know the
userID, do the passwords match?)
What is the problem?
Logged In: YES
user_id=522688
Just comparing passwords isn't really in the spirit of the
equals method. It's just not robust. Who's going to remember
that only passwords are compared in the future?
Two solutions:
1. Fix equals method (my preferred option)
2. Make it clear that only passwords are being compared i.e.
rename equals() equalPasswords() and explain circumstances
in JavaDoc comments, just as you've explained it to me here.
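
The following is an added example, not code from this thread or from the project: a sketch that combines both proposed solutions, with equals() comparing identity and a separately named method doing the password check. The class layout, the passwordMatches() name, the numeric ids and the constant-time comparison are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;

// Hypothetical User class; field and method names are assumptions.
public final class User {
    private final int userId;
    private final String nickname;
    private final String password; // plain string, as in the thread's sample data
    private final String email;

    public User(int userId, String nickname, String password, String email) {
        this.userId = userId;
        this.nickname = Objects.requireNonNull(nickname);
        this.password = Objects.requireNonNull(password);
        this.email = email;
    }

    // Identity comparison: same user only if id and nickname match.
    // The password plays no part, so shared passwords cannot make users equal.
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof User)) return false;
        User other = (User) o;
        return userId == other.userId && nickname.equals(other.nickname);
    }

    // Must agree with equals() so User behaves correctly in hash-based collections.
    @Override
    public int hashCode() {
        return Objects.hash(userId, nickname);
    }

    // Credential check under its own name, used after the user has been
    // looked up by nickname or userID. MessageDigest.isEqual compares in
    // constant time, so the result does not depend on where the bytes differ.
    public boolean passwordMatches(String candidate) {
        if (candidate == null) return false;
        return MessageDigest.isEqual(
                password.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample data: the two users from the report, with made-up ids.
        User larry = new User(1, "larry", "foobar", "larry.berkowitz@seventiescop.org");
        User geoff = new User(2, "geoff", "foobar", "geoff.geek@hacker.net");
        System.out.println("larry.equals(geoff): " + larry.equals(geoff));
        System.out.println("larry.passwordMatches(\"foobar\"): " + larry.passwordMatches("foobar"));
    }
}
```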