Ferreteria/v0.5/login/session

From Woozle Writes Code
< Ferreteria‎ | v0.5‎ | login
Revision as of 16:05, 24 March 2022 by htyp>Woozle
Jump to navigation Jump to search

Process

  • If browser has a Session cookie:
    • Search for Session matching the cookie
    • If found:
      • Session bookkeeping: update WhenUsed
      • Account bookkeeping: update WhenUsed
      • Login object bookkeeping: note session-logged-in
    • Else (no matching Session)
      • if Session ID matches but token is wrong:
        • Event log: token mismatch (possible hacking attempt)
      • Create new Session
      • Send correct Session cookie to browser
      • Login object bookkeeping: note not-logged-in
  • Else (no Session cookie)
    • Search for Session matching the browser profile
    • If found:
      • Generate Session cookie and send it to browser
      • Login object bookkeeping: note not-logged-in

Code

Everything starts with csLogin::IsLoggedIn(), which calls...

  • csLogin::Validity()
    • csLogin::Validate()
      • <Session Feature>->MakeActiveSession()
        • <Session Feature>->ActivateSession()