Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
internals:internals-session [2007/08/24 08:22]
serge.aumont@cru.fr
internals:internals-session [2018/03/29 03:47] (current)
ikeda@conversion.co.jp Obsoletion
Line 1: Line 1:
-====== Internals: SympaSession.pm ======+====== ​× Internals: SympaSession.pm ====== 
 +<note warning>​ 
 +  * This document was obsoleted. 
 + 
 +</​note>​
  
 This module provides objects to create, load, store and remove sessions. This module provides objects to create, load, store and remove sessions.
  
-===== How to use sessions objet ? ===== 
-Session are initialized at beginning of the main wwsympa loop. They are updated at the end of this loop. So basic extention of sessions usage in wwsympa just need to set new session vars anyware in wwsympa.fcgi actions. Imagine you want to introduce in Sympa a menu to change the user interface skin. You will probably introduce a new action associated with a form to choose skins ; this form will introduce wwsympa an incomming parameter named $in{'​skin_name'​}. This parameter will become a property of the current session just by the following instruction : 
  
-  ​$session->​{'​skin_name'​} = in{'​skin_name'​};​+===== How to use sessions object ? ===== 
 +Session are initialized at the beginning of the main wwsympa loop. They are updated at the end of this loop. So basic extension of sessions usage in wwsympa just needs to set new session vars anywhere in wwsympa.fcgi actions. Imagine you want to introduce a menu in Sympa to change the user interface skin. You will probably introduce a new action associated with a form to choose skins; this form will introduce in wwsympa an incoming parameter named $in{'​skin_name'​}. This parameter will become a property of the current session just by the following instruction : 
 + 
 +  ​$session->​{'​skin_name'​} = $in{'​skin_name'​};​
  
 That's all ! That's all !
 +
 +===== Session and authentication =====
 +
 +At first access in wwsympa.fcgi a new session is created. The session will continue until a period of unactivity longer then $Conf{'​session_table_ttl'​}. Note that sessions don't start just when users logs in but a session is created even for anonymous users and sessions don't stop when users logs out. So an important property of a session is $session->​{'​email'​}. This var is initialized with '​nobody'​ if user is not identified.
 +
 +Because of this possibility of anonymous sessions we can carry some sessions properties for anonymous users. As an example of features that are possible with anonymous sessions : listmaster can change the log level for his sessions. Ones this is done he can log out and test some part of the application as an anonymous user still with a log_level associated with his current session.
 +
 +
 +
 +
  
 ==== new() ==== ==== new() ====
Line 31: Line 46:
 store() convert a set of vars into a //​data_session//​ string which can be stored in the database using tools::​hash_2_string store() convert a set of vars into a //​data_session//​ string which can be stored in the database using tools::​hash_2_string
  
 +store() renew the session_id. This make the session hijaking much more diffcult. (([[http://​en.wikipedia.org/​wiki/​Session_hijacking#​Prevention]]))
  
 ==== purge_old_sessions() ==== ==== purge_old_sessions() ====
  • internals/internals-session.1187936532.txt.gz
  • Last modified: 2007/08/24 08:31
  • (external edit)