Difference between revisions of "HyperAdmin Session"
Latest revision as of 01:35, 16 August 2005
A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.
A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.
There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.
Rules
Sessions depend on the following parameters, in order of increasing trust:
- browser & IP address - required
- verified username - optional
- session cookie - optional; if present, session must already exist
Pseudo-Code
- Phase I: look at input, compare with database, and decide what to do
  - If input has session cookie:
    - If session cookie matches one in database:
      - Set $session_found ID to the one found
      - Set $session_cookie_found to TRUE
      - If input has verified username:
        - Expire all *other* sessions with same username
    - ...Else (cookie not found in db):
      - Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
      - Set $session_invalid flag
  - ...Else (no session cookie):
    - If input has verified username:
      - Expire all sessions with same username
      - Set $new_session flag
    - ...Else (no verified username):
      - Search [sessions] table for IP/browser match
      - If IP/browser match found:
        - Set $session_found ID to the one found
      - ...Else (no IP/browser match):
        - Set $new_session flag
- Phase II: take action
  - If $session_found:
    - If NOT $session_cookie_found:
      - Set session cookie
  - ...Else (NOT $session_found):
    - If $session_invalid:
      - Set $new_session flag
    - If $new_session flag:
      - Create new session
      - Set session cookie
    - ...Else (NOT $new_session flag):
      - Log INTERNAL_ERROR: no valid session but we're not creating a new one --??
Variables:
- $session_found -- ID of existing session found which matches input parameters (cookie or browser)
- $session_cookie_found -- session cookie is already set
- $session_invalid -- session specified in input parameters is not valid
- $new_session -- if TRUE, need to create a new session record
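
The two phases above as an added Python sketch (not HyperAdmin's own code). It assumes an in-memory dict in place of the [sessions] table and a session ID that doubles as the cookie value; the names SessionStore, resolve and expire_user are made up for this example.

```python
import secrets

class SessionStore:
    """In-memory stand-in for the [sessions] table (constructed for this example)."""
    def __init__(self):
        self.rows = {}  # session ID (also the cookie value) -> ip / browser / user
        self.log = []   # HACK_WARNING / INTERNAL_ERROR entries

    def expire_user(self, user, keep=None):
        for sid in [s for s, r in self.rows.items() if r["user"] == user and s != keep]:
            del self.rows[sid]

    def resolve(self, ip, browser, user=None, cookie=None):
        """Return (session_id, cookie_to_set); cookie_to_set is None if already set."""
        found, cookie_found, invalid, new = None, False, False, False
        # Phase I: look at input, compare with the table, decide what to do
        if cookie is not None:
            if cookie in self.rows:
                found, cookie_found = cookie, True
                if user is not None:
                    self.expire_user(user, keep=found)  # all *other* sessions
            else:
                self.log.append("HACK_WARNING")
                invalid = True
        elif user is not None:
            self.expire_user(user)
            new = True
        else:
            # Matched on IP and browser string alone: clients that share both
            # (e.g. behind one NAT gateway) resolve to the same session.
            found = next((s for s, r in self.rows.items()
                          if (r["ip"], r["browser"]) == (ip, browser)), None)
            new = found is None
        # Phase II: take action
        if found is not None:
            return found, (None if cookie_found else found)
        if invalid:
            new = True
        if not new:
            # Not reachable from Phase I as written; kept as the pseudo-code's guard.
            self.log.append("INTERNAL_ERROR")
            return None, None
        sid = secrets.token_urlsafe(16)
        self.rows[sid] = {"ip": ip, "browser": browser, "user": user}
        return sid, sid
```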