Sessions

Let's touch ground on what a session library/class should do, in this project, in my opinion...

Before anything, let me start on how I see page request in the app. Any page request (including ajax calls, any of them) will fall in any of these two cateogries: public+sessionless and loggedid+session. Or you are working logged into the app and you has to have a valid session or you are outside accessing some public pages.

Public pages

Here comes the login/landing page. Reset password page. Forgot password page. Register user page.

Logged-in pages

Once logged in, all pages in the app should be in this category and the important thing here is that a session should be mantained. So that a session should start with the login and end with the logout. On every page request, a session timout should be checked (if we configure one).

So regarding on coding this session page and prepearing the framework to have public/private pages, and after reading lots of notes on sessions, storing in files or db, regenerating id, etc., I decided to keep it simple and if there's time and will, in the future i'll polish the sessions library or even rewrite it.

Here's the diagrams that I have in mind to explain the sessions class ussage. (oh, btw, it won't be a library because this is not optional (as databases that i can have pages that doesn't requiere access to db (like public pages)), it will be part of the core)

[augusto wloch]

tasks:
.create session class skeleton.
.include and instatiate from core class
.add configuration options to set a public zone (a set of URIs)
.modify core to evaluate if requested page is in public zone
.create faux login page
.fill all the gaps
.test
.open a bottle of wine