Class: SessionManager

base.SessionManager()

new SessionManager()

Source:

Extends

  • SessionManager_Lite

Methods

Applications will want to override this method in order to work with cookies used by the authorization process.

Parameters:
Name Type Description
res object this is the HTTP request response object
session_token string
Source:

Applications will want to override this method in order to work with cookies used by the authorization process.

Parameters:
Name Type Description
res object this is the HTTP request response object

Source:

hash_pass(password) → {string}

By default, this method returns the parameter untouched. Applications may hash the password or may encrypt or decrypt in order to find a string for comparison.

Parameters:
Name Type Description
password string
Source:
Returns:
  • the hash of the password
Type
string

(async) initialize_session_state(transition, session_token, transtionObj, res) → {object|undefined}

This method starts a user's session, enabling calls to asset delivery and to process state transitions. It is called only after the session has been authorized and a session token has been created for it. It only handles transition objects that have user_op set to login.

Provided the user object is still in the DB, the user's logged_in field is set to true, and this state change is stored in the DB for reference by this and other processes.

Finally, the session for this user is recorded in the session tables, and data created for the session is released.

This method is only available in general_auth, which should only be used in processes that are processing users. It is not in auth_session_lite, which is used by processes checking user ownership and permissions; those processes do not initiate user sessions or offer processing for new entries....

If the user session state can be initialized, this returns the elements map required by the cached transition object.

Parameters:
Name Type Description
transition string
session_token string
transtionObj object
res object
Source:
Returns:
Type
object | undefined

loginTransitionFields(transtion_object, post_body, user)

Parameters:
Name Type Description
transtion_object object
post_body object
user object
Source:

(async) login_transition(user, transtion_object, post_body) → {boolean}

This method first checks the DB user password against the password data obtained from the client. If the password check succeeds, the transition object is flagged for a secondary action.

loginTransitionFields is called in order to create the session identifier and store it in local in-memory hash tables.

Parameters:
Name Type Description
user object
transtion_object object
post_body object
Source:
Returns:
  • true if failed, indicating that a corrective action must be done; false indicating no required action
Type
boolean

ok_forgetfulness(boolVal, transtion_object)

Set the forgetfulness_proceed for the applications that handle forgotten passwords.

Parameters:
Name Type Description
boolVal boolean
transtion_object object
Source:

(async) password_check(db_password, client_password) → {boolean}

By default this method just checks to see if two strings are equal. Applications will want to do something more sophisticated, e.g. checking a signature.

Parameters:
Name Type Description
db_password string
client_password string
Source:
Returns:
  • true if the comparison passes
Type
boolean
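
The defaults documented for hash_pass and password_check keep and compare the password string as given. The following is an added example, not the library's own code, of an override that stores a salted scrypt record and compares in constant time. SessionManagerStub, HardenedSessionManager, verify_stored and the "scrypt$salt$key" record format are assumptions, as is the premise that password_check receives the stored record and the client's plaintext password.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical stand-in reproducing the documented defaults; not the library's class.
class SessionManagerStub {
    hash_pass(password) { return password; }
    async password_check(db_password, client_password) {
        return db_password === client_password;
    }
}

const KEYLEN = 32;                              // derived key length in bytes
const SCRYPT_OPTS = { N: 16384, r: 8, p: 1 };   // Node's default scrypt cost parameters

// Assumed override: stores "scrypt$<salt hex>$<key hex>" instead of the raw password.
class HardenedSessionManager extends SessionManagerStub {
    hash_pass(password) {
        const salt = nodeCrypto.randomBytes(16);    // fresh salt per stored password
        const key = nodeCrypto.scryptSync(password, salt, KEYLEN, SCRYPT_OPTS);
        return ['scrypt', salt.toString('hex'), key.toString('hex')].join('$');
    }

    // Synchronous core of the check (assumed helper name).
    verify_stored(db_password, client_password) {
        if (typeof db_password !== 'string' || typeof client_password !== 'string') return false;
        const parts = db_password.split('$');
        // Records not produced by hash_pass (e.g. legacy plaintext) are rejected, not compared.
        if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
        const salt = Buffer.from(parts[1], 'hex');
        const expected = Buffer.from(parts[2], 'hex');
        if (salt.length !== 16 || expected.length !== KEYLEN) return false;
        const actual = nodeCrypto.scryptSync(client_password, salt, KEYLEN, SCRYPT_OPTS);
        return nodeCrypto.timingSafeEqual(actual, expected);   // constant-time comparison
    }

    // Assumption: db_password is the stored record, client_password the plaintext from the post body.
    async password_check(db_password, client_password) {
        return this.verify_stored(db_password, client_password);
    }
}
```

Because the salt is random, two calls to hash_pass on the same password give different records, so verification has to go through password_check rather than a string comparison of two hash_pass results.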

(async) process_user(user_op, post_body, res, primary_key) → {object}

This method is the target of user processing classes, which can be found in the contractual directory.

The user processing classes help with the existence of users and the management of their sessions.

The operations that this method handles are login, logout and registration.

Handling forgot, for forgotten passwords, is deprecated and may be handled by transition processing at a later date.

The logout operation leads to a call to destroySession.

The operations login and register lead to calls to their transition

Parameters:
Name Type Description
user_op string
post_body object
res object
primary_key string
Source:
Returns:
  • the transition object made for continuing the requested operation
Type
object

(async) registration_transition(post_body, transtion_object) → {boolean}

This method stores a user in the database for the first time.

In some applications this storing of the user is something perpetual. In other applications, the user is stored newly each time, with permanent identity storage happening elsewhere.

The registration can also create a session by calling generate_session_token. This also creates an elements map with a match field for the session.

Parameters:
Name Type Description
post_body object
transtion_object object
Source:
Returns:

The result is true if the user can be stored in the DB, false otherwise.

Type
boolean

(async) update_user_password(post_body) → {object}

This method responds to a client request by upd

In some applications, finalize_transition uses this method. The invocation of finalize_transition is typically during a secondary action and part of an active session. The token, from the stashed transition object, is expected in the client request data.

The token will map, via a query on the key-value DB, to a value to be used in the query for the user object in the user table of the DB. If the keyed value and the user can be found, then the password introduced by the client request's post body will be hashed and stored if the user object has the field updates set to an object containing the desired password. The update password and the post body password must check.

If the passwords check out, then the user password can be updated and stored in the DB for future transactions.

The value this returns may be passed on to a business process, if the application is so configured.

Parameters:
Name Type Description
post_body object
Source:
Returns:
  • the value keyed_val retrieved from the DB that is mapped to the token.
Type
object