Difference between revisions for Users / Eo Ny




← Previous edit
Next edit →

Version1 Version2
1807 1807
1808 ---- 1808 ----
1809 1809
1810 === TODO Items (From Code Comments) === 1810 ===TODO Items (From Code Comments)===
1811    
1812 The following improvements are planned: 1811 The following improvements are planned:
1813   1. **Do not store session ID in filename or DB index - store hash instead** 1812   1. **Do not store session ID in filename or DB index - store hash instead**
1814   - Improves security by not exposing IDs in storage layer 1813     - Improves security by not exposing IDs in storage layer
1815   - Would require hashing logic in store_* methods 1814     - Would require hashing logic in store_* methods
1816   2. **Log of IP changes and other possible security alerts** 1815   2. **Log of IP changes and other possible security alerts**
1817   - Track ##sticky__ip## changes more comprehensively 1816     - Track ##sticky__ip## changes more comprehensively
1818   - Create security audit trail 1817     - Create security audit trail
1819   3. **Allocate internal unique session which lives through lifetime of uber-session** 1818   3. **Allocate internal unique session which lives through lifetime of uber-session**
1820   - Multi-session management (parent/child sessions) 1819     - Multi-session management (parent/child sessions)
1821   - Useful for complex user flows 1820     - Useful for complex user flows
1822   4. **Do not delete old sessions, but use them as hijack pointers** 1821   4. **Do not delete old sessions, but use them as hijack pointers**
1823   - Maintain session history for analysis 1822     - Maintain session history for analysis
1824   - Detect potential session hijacking patterns 1823     - Detect potential session hijacking patterns
1825   - Implement session relationship tracking 1824     - Implement session relationship tracking
1826   5. **All SIDs used later than ~5secs of regenerations is hijacks** 1825   5. **All SIDs used later than ~5secs of regenerations is hijacks**
1827   - Detect and block delayed session ID usage 1826     - Detect and block delayed session ID usage
1828   - Current implementation allows 5-second window 1827     - Current implementation allows 5-second window
1829   - Could be more granular 1828     - Could be more granular
1830 1829
1831 ---- 1830 ----
1832 1831
1853 1852
1854 ---- 1853 ----
1855 1854
1856 === Version History === 1855 ===Version History===
1857   - **Current**: Abstract session class with security features 1856   - **Current**: Abstract session class with security features
1858   - **Planned**: Implementation of TODO items above 1857   - **Planned**: Implementation of TODO items above
1859 1858
1860 ---- 1859 ----
1861   *Documentation generated: 2026-05-05* 1860 **Documentation generated: 2026-05-05**
1862   *For latest updates, see: https://github.com/Trojer/wackowiki/blob/main/docs/SESSION_DOCUMENTATION.md* 1861 **For latest updates, see: https://github.com/Trojer/wackowiki/blob/main/docs/SESSION_DOCUMENTATION.md**