Difference between revisions of "HyperAdmin Session"

From HypertWiki
(→‎Sequence of Events: -> Rules; reworking pseudo-code)
 
Line 13: Line 13:
*'''session cookie''' - optional; if present, session must already exist
*'''session cookie''' - optional; if present, session must already exist


*On load of any session-enabled page:
===Pseudo-Code===
*# Try to match with existing session:
 
*#* If input has session cookie:
* '''Phase I''': look at input, compare with database, and decide what to do
*#** If session cookie matches one in database
*# If input has session cookie:
*#*** Set $session_found flag
*#* If session cookie matches one in database
*#*** If input has verified username:
*#** Set '''$session_found''' ID to the one found
*#**** Expire all *other* sessions with same username
*#** Set '''$session_cookie_found''' to TRUE
*#** ...Else (cookie not found in db)
*#*** Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
*#*** Set $session_expired flag
*#* ...Else (no session cookie):
*#** If input has verified username:
*#** If input has verified username:
*#*** Expire all sessions with same username
*#*** Expire all *other* sessions with same username
*#*** Set $new_session flag
*#* ...Else (cookie not found in db)
*#** ...Else (no verified username):
*#** Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
*If no session cookie, look for unexpired IP/browser match
*#** Set '''$session_invalid''' flag
 
*# ...Else (no session cookie):
*#If no usable existing session found, create a new one
*#* If input has verified username:
*#** Expire all sessions with same username
*#** Set '''$new_session''' flag
*#* ...Else (no verified username):
*#** Search [sessions] table for IP/browswer match
*#** If IP/browser match found:
*#*** Set '''$session_found''' ID to the one found
*#** ...Else (no IP/browser match):
*#*** Set '''$new_session''' flag
* '''Phase II''': take action
*# if '''$session_found''':
*#* if NOT '''$session_cookie_found''':
*#** set session cookie
*# ...Else (NOT '''$session_found'''):
*#* if '''$session_invalid''':
*#** set '''$new_session flag'''
*#* if '''$new_session''' flag:
*#** Create new session
*#** Set session cookie
*#* ...else NOT '''$new_session''' flag:
*#** Log INTERNAL_ERROR: no valid session but we're not creating a new one --??


Flags:
Variables:
*$session_found -- existing session found which matches input parameters (cookie or browser)
*'''$session_found''' -- ID of existing session found which matches input parameters (cookie or browser)
*$session_invalid -- session specified in input parameters is not valid
*'''$session_cookie_found''' -- session cookie is already set
*'''$session_invalid''' -- session specified in input parameters is not valid
*'''$new_session''' -- if TRUE, need to create a new session record
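Review bot: In the new Phase I branch for "no session cookie" and "no verified username", an IP/browser match sets '''$session_found''', and Phase II then runs "if NOT '''$session_cookie_found''': set session cookie", so a request identified only by the lowest-trust parameters is issued the cookie for an existing session. Two clients that share an address and browser string (NAT, proxy) would be attached to the same session, including one that was created for a verified username. Suggest limiting the IP/browser match to sessions with no username attached, or setting '''$new_session''' in that branch. Separately, '''$session_found''' is now documented as an ID but Phase II tests it as a truth value; the Variables list should state what it holds when nothing was found.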

Latest revision as of 01:35, 16 August 2005

HyperAdmin: Session

A session is when a particular user is connected to HyperAdmin using a particular browser on a particular computer.

A session also helps keep track of immediate user preferences, e.g. searching only certain item types or topics.

There is more discussion of Sessions in the context of a shopping cart system (for which HyperAdmin was, in part, designed) in vbzwiki:VbzCart.

Rules

Sessions depend on the following parameters, in order of increasing trust:

  • browser & IP address - required
  • verified username - optional
  • session cookie - optional; if present, session must already exist

Pseudo-Code

  • Phase I: look at input, compare with database, and decide what to do
    1. If input has session cookie:
      • If session cookie matches one in database
        • Set $session_found ID to the one found
        • Set $session_cookie_found to TRUE
        • If input has verified username:
          • Expire all *other* sessions with same username
      • ...Else (cookie not found in db)
        • Log HACK_WARNING (may just be a long-delayed return, but shouldn't happen too often)
        • Set $session_invalid flag
    2. ...Else (no session cookie):
      • If input has verified username:
        • Expire all sessions with same username
        • Set $new_session flag
      • ...Else (no verified username):
        • Search [sessions] table for IP/browser match
        • If IP/browser match found:
          • Set $session_found ID to the one found
        • ...Else (no IP/browser match):
          • Set $new_session flag
  • Phase II: take action
    1. if $session_found:
      • if NOT $session_cookie_found:
        • set session cookie
    2. ...Else (NOT $session_found):
      • if $session_invalid:
        • set $new_session flag
      • if $new_session flag:
        • Create new session
        • Set session cookie
      • ...else NOT $new_session flag:
        • Log INTERNAL_ERROR: no valid session but we're not creating a new one --??

Variables:

  • $session_found -- ID of existing session found which matches input parameters (cookie or browser)
  • $session_cookie_found -- session cookie is already set
  • $session_invalid -- session specified in input parameters is not valid
  • $new_session -- if TRUE, need to create a new session record
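
The two phases above, written out as an added Python example (not HyperAdmin's own code). Assumptions: an in-memory dict stands in for the [sessions] table, the cookie value is the session ID, an expired session does not count as a match, and the function names are hypothetical.

```python
import secrets

def expire_user(sessions, user, keep=None):
    """Expire every session owned by `user`, except session ID `keep`."""
    for sid, s in sessions.items():
        if s["user"] == user and sid != keep:
            s["expired"] = True

def find_by_client(sessions, ip, browser):
    """Lowest-trust lookup: an unexpired session with the same IP and browser."""
    for sid, s in sessions.items():
        if not s["expired"] and (s["ip"], s["browser"]) == (ip, browser):
            return sid
    return None

def resolve_session(sessions, log, ip, browser, cookie=None, username=None):
    """Return (session_id, set_cookie) following Phase I and Phase II."""
    session_found = None
    session_cookie_found = session_invalid = new_session = False
    # Phase I: look at input, compare with database, decide what to do
    if cookie is not None:
        rec = sessions.get(cookie)
        if rec is not None and not rec["expired"]:  # assumption: expired = no match
            session_found, session_cookie_found = cookie, True
            if username:
                expire_user(sessions, username, keep=session_found)
        else:
            log.append("HACK_WARNING")
            session_invalid = True
    elif username:
        expire_user(sessions, username)
        new_session = True
    else:
        session_found = find_by_client(sessions, ip, browser)
        new_session = session_found is None
    # Phase II: take action
    if session_found is not None:
        return session_found, not session_cookie_found
    if session_invalid:
        new_session = True
    if not new_session:
        log.append("INTERNAL_ERROR")
        return None, False
    sid = secrets.token_urlsafe(32)  # assumption: cookie value is the session ID
    sessions[sid] = {"ip": ip, "browser": browser, "user": username, "expired": False}
    return sid, True
```

Every Phase I path ends with either a session ID or `new_session` set, so the INTERNAL_ERROR branch serves only as a consistency check.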