Ferreteria/v0.5/login/session: Difference between revisions

From Woozle Writes Code
(Created page with "==Process== * If browser has a Session cookie: ** Search for Session matching the cookie ** If found: *** '''Session bookkeeping''': update WhenUsed *** '''Account bookkeeping...")
 
m (6 revisions imported: moving this project here)
 
(5 intermediate revisions by one other user not shown)
Line 18: Line 18:
*** '''Login object bookkeeping''': note not-logged-in
*** '''Login object bookkeeping''': note not-logged-in
==Code==
==Code==
===authenticating session===
Everything starts with <code>csLogin::IsLoggedIn()</code>, which calls...
<code>{{arg|Session Feature}}->UserIsLoggedIn()</code>
* <code>csLogin::SessionValidity()</code>
* &rarr; <code>NativeRow()->UserIsLoggedIn()</code>
** <code>csLogin::ValidateSession()</code>
===reading login status===
*** <code>{{arg|Session Feature}}->MakeActiveSession()</code> - ensures there's a Session Status object, retrieved from...
Example: see code in <code>cMenuLink->FigureIfAuthorized()</code> in {{l/ferreteria/code|tree/items/MenuLink.php}}
**** <code>{{arg|Session Feature}}->ActivateSession()</code>
* This is called once per object from <code>ftRequiresPermit->OnRunCalculations()</code> in {{l/ferreteria/code|tree/items/traits.php}}.
***** This then basically carries out the process described above.
 
'''Files''':
* <code>csLogin</code> is in {{l/ferreteria/code|login/status.php}}
* <code>{{arg|Session Feature}}</code> is in {{l/ferreteria/code|login/session/feature.php}}
 
'''SQL''': {{l/ver|SQL/user session}}

Latest revision as of 16:44, 22 May 2022

Process

  • If browser has a Session cookie:
    • Search for Session matching the cookie
    • If found:
      • Session bookkeeping: update WhenUsed
      • Account bookkeeping: update WhenUsed
      • Login object bookkeeping: note session-logged-in
    • Else (no matching Session)
      • If Session ID matches but token is wrong:
        • Event log: token mismatch (possible hacking attempt)
      • Create new Session
      • Send correct Session cookie to browser
      • Login object bookkeeping: note not-logged-in
  • Else (no Session cookie)
    • Search for Session matching the browser profile
    • If found:
      • Generate Session cookie and send it to browser
      • Login object bookkeeping: note not-logged-in
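
The cookie branch of the process above, sketched in PHP as an added example (this is not Ferreteria's code). The DemoSessions class, its in-memory arrays and the "<id>-<token>" cookie layout are assumptions made for illustration; the no-cookie (browser profile) branch is left out.

```php
<?php
declare(strict_types=1);

// Added example, not Ferreteria code. The class, its fields and the
// "<id>-<token>" cookie layout are assumptions made for illustration.
final class DemoSessions {
    public array $rows = [];        // session ID => [token, account, WhenUsed]
    public array $accountUsed = []; // account ID => WhenUsed
    public array $events = [];      // stand-in for the event log

    public function create(?int $account = null): string {
        $id = count($this->rows) + 1;
        $token = bin2hex(random_bytes(16)); // unguessable per-session secret
        $this->rows[$id] = ['token' => $token, 'account' => $account, 'WhenUsed' => time()];
        return "$id-$token";
    }

    /** Cookie branch of the process: returns [status, cookie to send or null]. */
    public function checkCookie(string $cookie): array {
        [$idText, $token] = array_pad(explode('-', $cookie, 2), 2, '');
        $id = ctype_digit($idText) ? (int)$idText : 0;
        $row = $this->rows[$id] ?? null;
        // hash_equals() compares in constant time, so response timing does
        // not reveal how much of a guessed token was correct.
        if ($row !== null && hash_equals($row['token'], $token)) {
            $this->rows[$id]['WhenUsed'] = time();            // Session bookkeeping
            if ($row['account'] !== null) {
                $this->accountUsed[$row['account']] = time(); // Account bookkeeping
            }
            return ['session-logged-in', null];
        }
        if ($row !== null) { // Session ID matches but token is wrong
            $this->events[] = "token mismatch for session $id";
        }
        // A rejected cookie never revives the old row: issue a new Session.
        return ['not-logged-in', $this->create()];
    }
}

// Constructed demo: a valid cookie, then the same ID with a forged token.
$s = new DemoSessions();
$good = $s->create(42);
[$id] = explode('-', $good);
print_r($s->checkCookie($good));
print_r($s->checkCookie("$id-" . str_repeat('0', 32)));
print_r($s->events);
```

The second call takes the "ID matches but token is wrong" path: it records the event and hands back a cookie for a fresh Session instead of the one that was probed.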

Code

Everything starts with csLogin::IsLoggedIn(), which calls...

  • csLogin::SessionValidity()
    • csLogin::ValidateSession()
      • <Session Feature>->MakeActiveSession() - ensures there's a Session Status object, retrieved from...
        • <Session Feature>->ActivateSession()
          • This then basically carries out the process described above.

Files:

  • csLogin is in login/status.php
  • <Session Feature> is in login/session/feature.php

SQL: SQL/user session