Ferreteria/v0.5/login/session: Difference between revisions
< Ferreteria | v0.5 | login
Jump to navigation
Jump to search
No edit summary |
m (6 revisions imported: moving this project here) |
(No difference)
|
Latest revision as of 16:44, 22 May 2022
Process
- If browser has a Session cookie:
- Search for Session matching the cookie
- If found:
- Session bookkeeping: update WhenUsed
- Account bookkeeping: update WhenUsed
- Login object bookkeeping: note session-logged-in
- Else (no matching Session)
- if Session ID matches but token is wrong:
- Event log: token mismatch (possible hacking attempt)
- Create new Session
- Send correct Session cookie to browser
- Login object bookkeeping: note not-logged-in
- if Session ID matches but token is wrong:
- Else (no Session cookie)
- Search for Session matching the browser profile
- If found:
- Generate Session cookie and send it to browser
- Login object bookkeeping: note not-logged-in
Code
Everything starts with csLogin::IsLoggedIn()
, which calls...
csLogin::SessionValidity()
csLogin::ValidateSession()
<Session Feature>->MakeActiveSession()
- ensures there's a Session Status object, retrieved from...<Session Feature>->ActivateSession()
- This then basically carries out the process described above.
Files:
csLogin
is in login/status.php<Session Feature>
is in login/session/feature.php
SQL: SQL/user session