Ferreteria/v0.5/login/session: Difference between revisions

From Woozle Writes Code
< Ferreteria‎ | v0.5‎ | login
Jump to navigation Jump to search
No edit summary
m (6 revisions imported: moving this project here)
 
(3 intermediate revisions by one other user not shown)
Line 19: Line 19:
==Code==
==Code==
Everything starts with <code>csLogin::IsLoggedIn()</code>, which calls...
Everything starts with <code>csLogin::IsLoggedIn()</code>, which calls...
* <code>csLogin::Validity()</code>
* <code>csLogin::SessionValidity()</code>
** <code>csLogin::Validate()</code>
** <code>csLogin::ValidateSession()</code>
*** <code>{{arg|Session Feature}}->MakeActiveSession()</code>
*** <code>{{arg|Session Feature}}->MakeActiveSession()</code> - ensures there's a Session Status object, retrieved from...
**** <code>{{arg|Session Feature}}->ActivateSession()</code>
**** <code>{{arg|Session Feature}}->ActivateSession()</code>
***** This then basically carries out the process described above.
***** This then basically carries out the process described above.
'''Files''':
* <code>csLogin</code> is in {{l/ferreteria/code|login/status.php}}
* <code>{{arg|Session Feature}}</code> is in {{l/ferreteria/code|login/session/feature.php}}
'''SQL''': {{l/ver|SQL/user session}}

Latest revision as of 16:44, 22 May 2022

Process

  • If browser has a Session cookie:
    • Search for Session matching the cookie
    • If found:
      • Session bookkeeping: update WhenUsed
      • Account bookkeeping: update WhenUsed
      • Login object bookkeeping: note session-logged-in
    • Else (no matching Session)
      • if Session ID matches but token is wrong:
        • Event log: token mismatch (possible hacking attempt)
      • Create new Session
      • Send correct Session cookie to browser
      • Login object bookkeeping: note not-logged-in
  • Else (no Session cookie)
    • Search for Session matching the browser profile
    • If found:
      • Generate Session cookie and send it to browser
      • Login object bookkeeping: note not-logged-in

Code

Everything starts with csLogin::IsLoggedIn(), which calls...

  • csLogin::SessionValidity()
    • csLogin::ValidateSession()
      • <Session Feature>->MakeActiveSession() - ensures there's a Session Status object, retrieved from...
        • <Session Feature>->ActivateSession()
          • This then basically carries out the process described above.

Files:

SQL: SQL/user session