HyperAdmin Session

From HypertWiki
Revision as of 22:16, 15 August 2005 by Woozle (talk | contribs) (→‎Sequence of Events: -> Rules; reworking pseudo-code)
Jump to navigation Jump to search

HyperAdmin: Session

A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.

A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.

There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.

Rules

Sessions depend on the following parameters, in order of increasing trust:

  • browser & IP address - required
  • verified username - optional
  • session cookie - optional; if present, session must already exist
  • On load of any session-enabled page:
    1. Try to match with existing session:
      • If input has session cookie:
        • If session cookie matches one in database
          • Set $session_found flag
          • If input has verified username:
            • Expire all *other* sessions with same username
        • ...Else (cookie not found in db)
          • Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
          • Set $session_expired flag
      • ...Else (no session cookie):
        • If input has verified username:
          • Expire all sessions with same username
          • Set $new_session flag
        • ...Else (no verified username):
  • If no session cookie, look for unexpired IP/browser match
    1. If no usable existing session found, create a new one

Flags:

  • $session_found -- existing session found which matches input parameters (cookie or browser)
  • $session_invalid -- session specified in input parameters is not valid