Extension:SecureSessions/Internals

This page is an overview of the internals of Extension:SecureSessions, in order to facilitate its maintenance.

Classes
There are one main class,, and a secondary class,.

A setup function creates the main object ; this objects has 5 main methods corresponding to the hooks, and three private properties about configuration :   (sessions restricted to the IP),   (sessions restricted to the user agent),   (only one session is authorized).

SecureSessions uses the library geoip-api-php from MaxMind for the mechanism of country restriction. It is in the subdirectory  and the IP database is in the subdirectory.

Data model
SecureSessions works with informations stored in: cookies, PHP sessions, object cache, user preferences.

Cookies:
 * RestrictUA
 * RestrictIP

PHP sessions:
 * wsUserAgent : set in onUserSetCookies, used in onUserLoadFromSession, unset in onUserLogout
 * wsIPAddress : set in onUserSetCookies, used in onUserLoadFromSession, unset in onUserLogout
 * wsObsolete : set in the setup function, used in onUserLoadFromSession
 * wsExpiry : set in the setup function, used in onUserLoadFromSession
 * id : set in onUserSetCookies and onUserLoadFromSession (internal method updateSessionCache), used in Special:Sessions, unset in onUserLogout (internal method deleteSessionCache)

Object cache:
 * Keys {wikiPrefix}:{userID}:sessions : set in onUserSetCookies and onUserLoadFromSession (internal method updateSessionCache), used in Special:Sessions and onPersonalUrls, unset in onUserLogout (internal method deleteSessionCache)

User preferences:
 * securesessions-country, available in "personal/info" when cldr is activated
 * securesessions-tor, available in "personal/info" when TorBlock is activated