Ferreteria/v0.5/login/session: Difference between revisions

Revision as of 21:28, 29 March 2022

If browser has a Session cookie:
- Search for Session matching the cookie
- If found:
  - Session bookkeeping: update WhenUsed
  - Account bookkeeping: update WhenUsed
  - Login object bookkeeping: note session-logged-in
- Else (no matching Session)
  - if Session ID matches but token is wrong:
    - Event log: token mismatch (possible hacking attempt)
  - Create new Session
  - Send correct Session cookie to browser
  - Login object bookkeeping: note not-logged-in
Else (no Session cookie)
- Search for Session matching the browser profile
- If found:
  - Generate Session cookie and send it to browser
  - Login object bookkeeping: note not-logged-in

Everything starts with csLogin::IsLoggedIn(), which calls...

csLogin::SessionValidity()
- csLogin::ValidateSession()
  - <Session Feature>->MakeActiveSession() - ensures there's a Session Status object, retrieved from...
    - <Session Feature>->ActivateSession()
      - This then basically carries out the process described above.

Files:

SQL: SQL/user session

@@ Line 19: / Line 19: @@
 ==Code==
 Everything starts with <code>csLogin::IsLoggedIn()</code>, which calls...
-* <code>csLogin::Validity()</code>
+* <code>csLogin::SessionValidity()</code>
-** <code>csLogin::Validate()</code>
+** <code>csLogin::ValidateSession()</code>
-*** <code>{{arg|Session Feature}}->MakeActiveSession()</code>
+*** <code>{{arg|Session Feature}}->MakeActiveSession()</code> - ensures there's a Session Status object, retrieved from...
 **** <code>{{arg|Session Feature}}->ActivateSession()</code>
 ***** This then basically carries out the process described above.