Ferreteria/v0.5/login/logout

From Woozle Writes Code
< Ferreteria‎ | v0.5‎ | login
Revision as of 15:37, 24 March 2022 by htyp>Woozle (Created page with "==Process== * Check login object: are we currently logged in? * If yes: ** '''Login object bookkeeping''': note logged-out ** '''Event log''': user logged out * Else (not logg...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Process

  • Check login object: are we currently logged in?
  • If yes:
    • Login object bookkeeping: note logged-out
    • Event log: user logged out
  • Else (not logged in):
    • Event log: redundant logout

Code notes

Logged-in sessions come in two flavors -- login and reauth.

  • 1. Login is right after the user has submitted user/pw creds. If successful, the user's browser is given a session-cookie to use and is then immediately redirected (to clear out the POST input, thus preventing accidental multiple logins) and we go to phase 2.
  • 2. Reauth is when we need to check the user's session-cookie before we can know whether they're logged in or not. This represents the majority of logged-in sessions.

In-memory login state is stored in the static csLogin class (login/status.php).