HyperAdmin Session

HyperAdmin: Session

A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.

A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.

There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.

Rules

Sessions depend on the following parameters, in order of increasing trust:

• browser & IP address - required
• verified username - optional
• session cookie - optional; if present, session must already exist

• On load of any session-enabled page:
  1. Try to match with existing session:
     • If input has session cookie:
       • If session cookie matches one in database
         • Set $session_found flag
         • If input has verified username:
           • Expire all *other* sessions with same username
       • ...Else (cookie not found in db)
         • Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
         • Set $session_expired flag
     • ...Else (no session cookie):
       • If input has verified username:
         • Expire all sessions with same username
         • Set $new_session flag
       • ...Else (no verified username):
• If no session cookie, look for unexpired IP/browser match

• 1. If no usable existing session found, create a new one

Flags:

• $session_found -- existing session found which matches input parameters (cookie or browser)
• $session_invalid -- session specified in input parameters is not valid