From MediaWiki.org
Jump to navigation Jump to search

This page is an overview of the internals of Extension:SecureSessions, in order to facilitate its maintenance.


There are one main class, SecureSessions, and a secondary class, SpecialSessions.

A setup function creates the main object SecureSessions; this objects has 5 main methods corresponding to the hooks, and three private properties about configuration : $ip (sessions restricted to the IP), $userAgent (sessions restricted to the user agent), $oneSession (only one session is authorized).

SecureSessions uses the library geoip-api-php from MaxMind for the mechanism of country restriction. It is in the subdirectory php-geoip and the IP database is in the subdirectory geoip.

Data model[edit]

SecureSessions works with informations stored in: cookies, PHP sessions, object cache, user preferences.


  • RestrictUA
  • RestrictIP

PHP sessions:

Object cache:

User preferences:

  • securesessions-country, available in "personal/info" when cldr is activated
  • securesessions-tor, available in "personal/info" when TorBlock is activated