Class: SessionTokenManager

SessionTokenManager(conf, db_obj, tokenStorage)

The Session Token Manager deals with JSON objects arriving from some session-oriented client. The JSON object is interned and stored in the language's data object format. Certain fields may be expected in the data object. Methods for some default case are provided, but it is expected that the application will override these methods and provide access to fields germane to the application.

Provides basic methods for generating session tokens, stashing and unstashing.

Manages a reference to a hashing method, called by do_hash.

Constructor

new SessionTokenManager(conf, db_obj, tokenStorage)

The configuration may bind the field forhash to a hashing function that will be used throughout the runtime.

The db_obj is a reference to a class instance that knows how to talk to a database.

The tokenStorage parameter is a required class reference that can generate an instance that manages tables of tokens.

Initializes a table release_session_data for keeping data between client responses, where data comes from user objects, most likely obtained from the DB. In particular, the data will have a named field provided by sess_data_accessor. The data lasts until the user session is initialized by an authorization process, one that uses the general authorization (as opposed to light authorization).

Parameters:
Name Type Description
conf object
db_obj object
tokenStorage Class

Extends

  • TokenTables

Methods

(async) addSession(key, session_token)

Calls upon token storage to save the session and the relationship to its owner.

Parameters:
Name Type Description
key string
  • a key, most likely a ucwid, that identifies an owner of the session
session_token string
  • a session token (should be made by generate_session_token)

destroySession(token)

Calls upon token storage to terminate a session and the tokens that expire with its termination. The parameter passed is the session's transition token, which had been created for authorization transitions. The parameter is used to obtain the session token.

Parameters:
Name Type Description
token string
  • the session's authorization transition token.

do_hash(str) → {string}

Synonymic method that exposes the hash function field, a configurable parameter.

Parameters:
Name Type Description
str string
Returns:
  • the hash of the string
Type
string

generate_session_token(post_body)

Makes a session token and returns it as a string

Uses access to a default hash function set globally for the application

This method concatenates two informational parts and one nonce to make a parameter to a hash function in order to get a key that may be used as the session identifier.

Parameters:
Name Type Description
post_body object
  • this is the JSON post body from the web application
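
An added sketch of the scheme described above, not the SessionTokenManager source. The class name `ExampleSessionTokens`, the `conf.hasher` option, the `ucwid` field of the post body and the use of a timestamp as the second informational part are all assumptions. It shows that the informational parts are guessable, so the token's unpredictability rests entirely on the nonce, and that presented and stored tokens should be compared in constant time.

```javascript
// Added example: hypothetical sketch, not the SessionTokenManager source.
const crypto = require('crypto');

// Assumed default for the configurable hash: SHA-256, hex encoded.
function defaultHash(str) {
  return crypto.createHash('sha256').update(str).digest('hex');
}

class ExampleSessionTokens {
  constructor(conf = {}) {
    // Assumption: the configuration supplies the hash function as `hasher`.
    this.hasher = typeof conf.hasher === 'function' ? conf.hasher : defaultHash;
  }

  do_hash(str) {
    return this.hasher(str);
  }

  // Two informational parts (assumed: owner id and request time) plus a nonce.
  generate_session_token(post_body, now = Date.now()) {
    const owner = String(post_body.ucwid); // assumed field name
    // The informational parts can be guessed by a client, so all of the
    // unpredictability must come from the nonce: 32 bytes from the OS
    // CSPRNG, never Math.random().
    const nonce = crypto.randomBytes(32).toString('hex');
    // Length-prefix each part so ("ab", "c") and ("a", "bc") cannot
    // produce the same hash input.
    const material = [owner, String(now), nonce]
      .map((part) => `${part.length}:${part}`)
      .join('|');
    return this.do_hash(material);
  }

  // Constant-time comparison of a presented token with a stored one.
  static tokensEqual(a, b) {
    const x = Buffer.from(String(a));
    const y = Buffer.from(String(b));
    return x.length === y.length && crypto.timingSafeEqual(x, y);
  }
}
```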

sess_data_accessor()

Return the field name of the user object that references data that should be accessed as part of the session


(async) sessionCurrent(session_token, [src_key])

Checks to see if a session is current. The source key may be supplied to check on the hash of owner related data.

Parameters:
Name Type Attributes Description
session_token string
  • a session token (should be made by generate_session_token)
src_key string <optional>
  • data returned from storing the transition token

stash_session_token(user, transtion_object)

Stashes a session in the 'elements' map of the server-side transition object

Parameters:
Name Type Description
user object
  • The user object is most likely extracted from the DB
transtion_object object
  • a nascent transition object that has both server side and client side aspects, but must contain the newly generated session token

unstash_session_token()

Given the server-side transition object for an authorization transition, retrieves the session token from the transition object's elements fields.
