Difference between revisions of "HyperAdmin Session"
(→Sequence of Events: -> Rules; reworking pseudo-code) |
|||
Line 7: | Line 7: | ||
There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in [[vbzwiki:VbzCart]]. | There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in [[vbzwiki:VbzCart]]. | ||
== | ==Rules== | ||
Sessions depend on the following parameters, in order of increasing trust: | |||
*'''browser & IP address''' - required | |||
*'''verified username''' - optional | |||
*'''session cookie''' - optional; if present, session must already exist | |||
*On load of any session-enabled page: | *On load of any session-enabled page: | ||
*#Try to match with existing session: | *# Try to match with existing session: | ||
*#* | *#* If input has session cookie: | ||
*#*If no session cookie, look for unexpired IP/browser match | *#** If session cookie matches one in database | ||
*#*** Set $session_found flag | |||
*#*** If input has verified username: | |||
*#**** Expire all *other* sessions with same username | |||
*#** ...Else (cookie not found in db) | |||
*#*** Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often) | |||
*#*** Set $session_expired flag | |||
*#* ...Else (no session cookie): | |||
*#** If input has verified username: | |||
*#*** Expire all sessions with same username | |||
*#*** Set $new_session flag | |||
*#** ...Else (no verified username): | |||
*If no session cookie, look for unexpired IP/browser match | |||
*#If no usable existing session found, create a new one | *#If no usable existing session found, create a new one | ||
Flags: | |||
*$session_found -- existing session found which matches input parameters (cookie or browser) | |||
*$session_invalid -- session specified in input parameters is not valid |
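Review bot: the new pseudo-code sets $session_expired (in the "cookie not found in db" branch) and $new_session, but the Flags list documents only $session_found and $session_invalid, so the flag names should be reconciled and $new_session added to the list. The "...Else (no verified username):" branch also has no steps under it, and the "If no session cookie, look for unexpired IP/browser match" line that follows sits at the top bullet level rather than inside that branch, which leaves it unclear when the IP/browser fallback is meant to run.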
Revision as of 22:16, 15 August 2005
A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.
A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.
There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.
Rules
Sessions depend on the following parameters, in order of increasing trust:
- browser & IP address - required
- verified username - optional
- session cookie - optional; if present, session must already exist
- On load of any session-enabled page:
  - Try to match with existing session:
    - If input has session cookie:
      - If session cookie matches one in database
        - Set $session_found flag
        - If input has verified username:
          - Expire all *other* sessions with same username
      - ...Else (cookie not found in db)
        - Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
        - Set $session_expired flag
    - ...Else (no session cookie):
      - If input has verified username:
        - Expire all sessions with same username
        - Set $new_session flag
      - ...Else (no verified username):
- If no session cookie, look for unexpired IP/browser match
  - If no usable existing session found, create a new one
Flags:
- $session_found -- existing session found which matches input parameters (cookie or browser)
- $session_invalid -- session specified in input parameters is not valid
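The matching rules above, worked through as an added Python example (not HyperAdmin's own code). Assumptions: the in-memory list standing in for the database, the `Session` class, the function names, the 30-minute lifetime, treating an expired row as "not found", and running the IP/browser fallback in the otherwise empty "no verified username" branch.

```python
import logging
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

log = logging.getLogger("hyperadmin.session")  # hypothetical logger name
TTL = 1800  # assumed lifetime in seconds; the page specifies none

@dataclass
class Session:
    ip: str
    browser: str
    username: Optional[str] = None
    # Unguessable cookie value, so it can outrank the IP/browser pair.
    cookie: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    expires: float = field(default_factory=lambda: time.time() + TTL)

    def live(self):
        return self.expires > time.time()

def expire_user(db, username, keep=None):
    """Expire every session for username, except `keep` if given."""
    for s in db:
        if s.username == username and s is not keep:
            s.expires = 0.0

def on_page_load(db, ip, browser, username=None, cookie=None):
    """Apply the Rules list; returns (session, flags)."""
    flags, session = set(), None
    if cookie is not None:
        # Assumption: an expired row counts as "cookie not found in db".
        session = next((s for s in db if s.cookie == cookie and s.live()), None)
        if session and username:
            expire_user(db, username, keep=session)  # all *other* sessions
        elif session is None:
            log.warning("HACK_WARNING: unknown session cookie from %s", ip)
            flags.add("session_expired")
    elif username:
        expire_user(db, username)
        flags.add("new_session")
    else:
        # Least-trusted evidence: an unexpired IP/browser match.
        session = next((s for s in db
                        if s.live() and (s.ip, s.browser) == (ip, browser)), None)
    if session is None:  # no usable existing session: create a new one
        session = Session(ip, browser, username)
        db.append(session)
    else:
        flags.add("session_found")
    return session, flags
```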