Ferreteria/v0.5/login/session

From Woozle Writes Code
< Ferreteria‎ | v0.5‎ | login
Jump to navigation Jump to search

Process

  • If browser has a Session cookie:
    • Search for Session matching the cookie
    • If found:
      • Session bookkeeping: update WhenUsed
      • Account bookkeeping: update WhenUsed
      • Login object bookkeeping: note session-logged-in
    • Else (no matching Session)
      • if Session ID matches but token is wrong:
        • Event log: token mismatch (possible hacking attempt)
      • Create new Session
      • Send correct Session cookie to browser
      • Login object bookkeeping: note not-logged-in
  • Else (no Session cookie)
    • Search for Session matching the browser profile
    • If found:
      • Generate Session cookie and send it to browser
      • Login object bookkeeping: note not-logged-in

Code

Everything starts with csLogin::IsLoggedIn(), which calls...

  • csLogin::SessionValidity()
    • csLogin::ValidateSession()
      • <Session Feature>->MakeActiveSession() - ensures there's a Session Status object, retrieved from...
        • <Session Feature>->ActivateSession()
          • This then basically carries out the process described above.

Files:

SQL: SQL/user session