From Woozle Writes Code


  • Check login object: are we currently logged in?
  • If yes:
    • Login object bookkeeping: note logged-out
    • Event log: user logged out
  • Else (not logged in):
    • Event log: redundant logout

Code notes

Logged-in sessions come in two flavors -- login and reauth.

  1. Login is right after the user has submitted user/pw creds. If successful, the user's browser is given a session-cookie to use and is then immediately redirected (to clear out the POST input, thus preventing accidental multiple logins) and we go to phase 2.
  2. Reauth is when we need to check the user's session-cookie before we can know whether they're logged in or not. This represents the majority of logged-in sessions.

In-memory login state is stored in the static csLogin class (login/status.php).
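
A compact sketch of the flows described on this page (login followed by a redirect, cookie reauth, and logout with its redundant-logout branch), added here as an example and not taken from Ferreteria. The DemoLogin class, the sid cookie name and its attributes, and the in-memory arrays standing in for the session table and event log are all assumptions.

```php
<?php
// Added illustration, not Ferreteria code; every name here is hypothetical.
final class DemoLogin
{
    private static ?string $user = null; // in-memory login state for this request
    public static array $sessions = [];  // constructed stand-in for the session table
    public static array $events = [];    // constructed stand-in for the event log
    // Phase 1: creds arrived by POST. Returns [HTTP status, response headers].
    public static function login(string $user, string $pw, array $hashes): array
    {
        if (!password_verify($pw, $hashes[$user] ?? '')) {
            self::$events[] = "login failed: $user";
            return [401, []];
        }
        $sid = bin2hex(random_bytes(32));              // unguessable session id
        self::$sessions[hash('sha256', $sid)] = $user; // server keeps only a hash
        self::$events[] = "user logged in: $user";
        // 303 makes the browser follow up with a GET, so the POST is not replayed.
        return [303, ["Set-Cookie: sid=$sid; HttpOnly; Secure; SameSite=Lax; Path=/", 'Location: /']];
    }

    // Phase 2: any later request is logged in only if its cookie maps to a session.
    public static function reauth(array $cookies): bool
    {
        self::$user = self::$sessions[hash('sha256', $cookies['sid'] ?? '')] ?? null;
        return self::$user !== null;
    }

    public static function logout(array $cookies): void
    {
        if (self::$user === null) {
            self::$events[] = 'redundant logout';
            return;
        }
        unset(self::$sessions[hash('sha256', $cookies['sid'] ?? '')]);
        self::$events[] = 'user logged out: ' . self::$user;
        self::$user = null; // bookkeeping: note logged-out
    }
}
// Constructed walk-through: login, reauth after the redirect, then logout twice.
$hashes = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
[$status, $headers] = DemoLogin::login('alice', 'correct horse', $hashes);
preg_match('/sid=([0-9a-f]+)/', $headers[0], $m);
$cookies = ['sid' => $m[1]];
DemoLogin::reauth($cookies);
DemoLogin::logout($cookies);
DemoLogin::reauth($cookies); // the cookie no longer maps to a session
DemoLogin::logout($cookies);
print_r(DemoLogin::$events);
```

Because logout removes the server-side session entry, a replayed copy of the old cookie fails reauth, and the second logout is recorded as redundant instead of as a second logout of the same user.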