Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[IMP] core: add session deletion mechanism
Objective:
----------
A user must be able to see which of his sessions/devices are active. Make it easy to block devices (individually or by group) and analyse current sessions. If a user notices unusual operations concerning him on another device, he must be able to stop these operations by blocking the session used by this device.

General:
--------
- A device is identified by a static part, the device's fingerprint (the user agent).
- A device is tracked dynamically via its IP address and the time representing its last activity.
- A device is always linked to one and only one session.
- A session is linked to at least one device.

If the fingerprint or IP address of a session is modified, we assume that a new device is detected, so it will be created. The same device is updated every X seconds in order to track its use in terms of duration of activity.

The `_update_device` method is placed at the point where we want to collect information and check whether we need to create a new device. The location is important because it has to be able to intercept requests from scripts, for example, so as not to establish 'false' security.

Blocking sessions:
------------------
Blocking a session by selecting a device must block the session directly. From an administrator's point of view, if we want to block a session, we expect the session file to be deleted directly on the filesystem. If the session file is no longer present on the filesystem, we can be sure that there is no longer any risk of session usurpation.

Note: There are several ways of blocking the session, but this is the safest. Blocking a session based on DB values does not cover scenarios in which we perform a backup, for example.

Find the session file:
----------------------
To find a session file on the filesystem, we need to know the sid of the session (as this is its filename). We don't want to store the sid in the database. However, we can store a part of it with:
- a large enough part to be certain of the uniqueness of the session;
- a small enough part that we cannot brute force the end of the sid.

Browsing the filesystem has a certain performance cost (and can therefore have defects if abused). The proposed solution is to change the granularity of the way we store the session on the filesystem. This means finding a compromise between sub-folders and files per sub-folder to browse for a session file. The sid will be Base64 encoded in order to increase the number of sub-folders (64^2 instead of 16^2).

Delete devices:
---------------
The record representing a device is deleted via a garbage collector. Records for which the last activity is over a week old will be deleted. This allows us to keep recent traces of the device as well as its duration of activity (because we keep the first activity time).

Task:3627898
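The "Find the session file" layout above, sketched as an added example (not code from this commit or its project): the database keeps only a sid prefix, and deletion lists a single one of the 64^2 sub-folders. The URL-safe Base64 alphabet, the 84-character sid, the 42-character stored prefix and all function names are assumptions made for illustration.

```python
import os
import re
import secrets

SID_BYTES = 63       # assumption: 63 random bytes -> 84 URL-safe Base64 chars
STORED_PREFIX = 42   # assumption: number of sid chars the database keeps
SHARD_CHARS = 2      # two Base64 chars -> 64^2 possible sub-folders
# Only Base64url characters are accepted, so a prefix can never contain
# a path separator or ".." and escape the session root.
PREFIX_RE = re.compile(r"[A-Za-z0-9_-]{%d,}" % STORED_PREFIX)


def new_sid():
    """Random sid in URL-safe Base64, usable directly as a filename."""
    return secrets.token_urlsafe(SID_BYTES)


def session_path(root, sid):
    """Session files live at <root>/<first two sid chars>/<sid>."""
    return os.path.join(root, sid[:SHARD_CHARS], sid)


def save_session(root, sid, data=b"{}"):
    """Write the session file and return the part stored in the database."""
    path = session_path(root, sid)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return sid[:STORED_PREFIX]  # the remaining 42 chars never leave the filesystem


def delete_by_prefix(root, prefix):
    """Delete session files whose sid starts with the stored prefix.

    Only the matching sub-folder is listed, never the whole store.
    Returns the number of files removed.
    """
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("prefix too short or not Base64url")
    shard = os.path.join(root, prefix[:SHARD_CHARS])
    try:
        names = os.listdir(shard)
    except FileNotFoundError:
        return 0  # no session was ever stored under this sub-folder
    removed = 0
    for name in names:
        if name.startswith(prefix):
            os.unlink(os.path.join(shard, name))
            removed += 1
    return removed
```

With these constructed lengths, a leaked database row reveals half of the sid; the other 42 Base64 characters (252 bits) still have to be guessed to forge the session cookie.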
Showing 15 changed files with 669 additions and 10 deletions.