HyperAdmin Session

From HypertWiki
Jump to navigation Jump to search

HyperAdmin: Session

A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.

A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.

There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.

Rules

Sessions depend on the following parameters, in order of increasing trust:

  • browser & IP address - required
  • verified username - optional
  • session cookie - optional; if present, session must already exist

Pseudo-Code

  • Phase I: look at input, compare with database, and decide what to do
    1. If input has session cookie:
      • If session cookie matches one in database
        • Set $session_found ID to the one found
        • Set $session_cookie_found to TRUE
        • If input has verified username:
          • Expire all *other* sessions with same username
      • ...Else (cookie not found in db)
        • Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
        • Set $session_invalid flag
    2. ...Else (no session cookie):
      • If input has verified username:
        • Expire all sessions with same username
        • Set $new_session flag
      • ...Else (no verified username):
        • Search [sessions] table for IP/browswer match
        • If IP/browser match found:
          • Set $session_found ID to the one found
        • ...Else (no IP/browser match):
          • Set $new_session flag
  • Phase II: take action
    1. if $session_found:
      • if NOT $session_cookie_found:
        • set session cookie
    2. ...Else (NOT $session_found):
      • if $session_invalid:
        • set $new_session flag
      • if $new_session flag:
        • Create new session
        • Set session cookie
      • ...else NOT $new_session flag:
        • Log INTERNAL_ERROR: no valid session but we're not creating a new one --??

Variables:

  • $session_found -- ID of existing session found which matches input parameters (cookie or browser)
  • $session_cookie_found -- session cookie is already set
  • $session_invalid -- session specified in input parameters is not valid
  • $new_session -- if TRUE, need to create a new session record