Difference between revisions of "HyperAdmin Session"

From HypertWiki
Jump to navigation Jump to search
 
 
(One intermediate revision by the same user not shown)
Line 7: Line 7:
There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in [[vbzwiki:VbzCart]].
There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in [[vbzwiki:VbzCart]].


==Sequence of Events==
==Rules==
*On load of any session-enabled page:
Sessions depend on the following parameters, in order of increasing trust:
*#Try to match with existing session:
*'''browser & IP address''' - required
*#*Check for session cookie; if found, use that
*'''verified username''' - optional
*#*If no session cookie, look for unexpired IP/browser match
*'''session cookie''' - optional; if present, session must already exist
*#If no usable existing session found, create a new one
 
===Pseudo-Code===
 
* '''Phase I''': look at input, compare with database, and decide what to do
*# If input has session cookie:
*#* If session cookie matches one in database
*#** Set '''$session_found''' ID to the one found
*#** Set '''$session_cookie_found''' to TRUE
*#** If input has verified username:
*#*** Expire all *other* sessions with same username
*#* ...Else (cookie not found in db)
*#** Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
*#** Set '''$session_invalid''' flag
*# ...Else (no session cookie):
*#* If input has verified username:
*#** Expire all sessions with same username
*#** Set '''$new_session''' flag
*#* ...Else (no verified username):
*#** Search [sessions] table for IP/browswer match
*#** If IP/browser match found:
*#*** Set '''$session_found''' ID to the one found
*#** ...Else (no IP/browser match):
*#*** Set '''$new_session''' flag
* '''Phase II''': take action
*# if '''$session_found''':
*#* if NOT '''$session_cookie_found''':
*#** set session cookie
*# ...Else (NOT '''$session_found'''):
*#* if '''$session_invalid''':
*#** set '''$new_session flag'''
*#* if '''$new_session''' flag:
*#** Create new session
*#** Set session cookie
*#* ...else NOT '''$new_session''' flag:
*#** Log INTERNAL_ERROR: no valid session but we're not creating a new one --??
 
Variables:
*'''$session_found''' -- ID of existing session found which matches input parameters (cookie or browser)
*'''$session_cookie_found''' -- session cookie is already set
*'''$session_invalid''' -- session specified in input parameters is not valid
*'''$new_session''' -- if TRUE, need to create a new session record

Latest revision as of 01:35, 16 August 2005

HyperAdmin: Session

A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.

A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.

There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.

Rules

Sessions depend on the following parameters, in order of increasing trust:

  • browser & IP address - required
  • verified username - optional
  • session cookie - optional; if present, session must already exist

Pseudo-Code

  • Phase I: look at input, compare with database, and decide what to do
    1. If input has session cookie:
      • If session cookie matches one in database
        • Set $session_found ID to the one found
        • Set $session_cookie_found to TRUE
        • If input has verified username:
          • Expire all *other* sessions with same username
      • ...Else (cookie not found in db)
        • Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
        • Set $session_invalid flag
    2. ...Else (no session cookie):
      • If input has verified username:
        • Expire all sessions with same username
        • Set $new_session flag
      • ...Else (no verified username):
        • Search [sessions] table for IP/browswer match
        • If IP/browser match found:
          • Set $session_found ID to the one found
        • ...Else (no IP/browser match):
          • Set $new_session flag
  • Phase II: take action
    1. if $session_found:
      • if NOT $session_cookie_found:
        • set session cookie
    2. ...Else (NOT $session_found):
      • if $session_invalid:
        • set $new_session flag
      • if $new_session flag:
        • Create new session
        • Set session cookie
      • ...else NOT $new_session flag:
        • Log INTERNAL_ERROR: no valid session but we're not creating a new one --??

Variables:

  • $session_found -- ID of existing session found which matches input parameters (cookie or browser)
  • $session_cookie_found -- session cookie is already set
  • $session_invalid -- session specified in input parameters is not valid
  • $new_session -- if TRUE, need to create a new session record