HTTP Class Technical Documentation (diff)

Difference between revisions for Users / Eo Ny / dev

Version1	Version2	Differences
1		~~# HTTP Class Technical Documentation~~
	1	== HTTP Class Technical Documentation ==
2	2
3		~~## Overview~~
	3	=== Overview ===
4	4
5		The ~~`Http` class (`src/class/http.php`~~) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
	5	The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
6	6
7		File Location: ~~`src/class/http.php`~~
	7	File Location: ##src/class/http.php##
8	8	Language: PHP
9		Dependencies: Database class, Session classes, Utility classes (~~`Ut`), Diagnostics class (`Diag`~~)
	9	Dependencies: Database class, Session classes, Utility classes (##Ut##), Diagnostics class (##Diag##)
10	10
11		---
	11	----
12	12
13		~~## Class Properties~~
14	13
15		~~### Public Properties~~
16	14
17		~~\| Property \| Type \| Description \|~~
18		~~\|----------\|------\|-------------\|~~
19		~~\| `$tls_session` \| bool \| Indicates if the current session uses HTTPS/TLS encryption \|~~
20		~~\| `$request_uri` \| string \| Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') \|~~
21		~~\| `$ip` \| string \| Client's real IP address (accounts for proxies) \|~~
22		~~\| `$sess` \| Session \| Reference to the Session object \|~~
23		~~\| `$method` \| string \| Current HTTP method/request type \|~~
24	15
25		~~### Private Properties~~
26	16
27		~~\| Property \| Type \| Description \|~~
28		~~\|----------\|------\|-------------\|~~
29		~~\| `$db` \| object \| Database connection reference \|~~
30		~~\| `$tls_mark` \| string \| Cookie name for TLS session marking \|~~
31		~~\| `$page` \| string \| Current page name being processed \|~~
32		~~\| `$hash` \| string \| SHA1 hash of the page name \|~~
33		~~\| `$query` \| string \| Encoded query string \|~~
34		~~\| `$lang` \| string \| Current language code \|~~
35		~~\| `$file` \| string \| Cache file path \|~~
36		~~\| `$caching` \| int \| Flag indicating if page should be cached (0 or 1) \|~~
37	17
38		~~---~~
39	18
40		~~## Constructor~~
	19	=== Security Considerations ===
41	20
42		```php
43		public function __construct(&$db)
44		```
	21	==== 1. IP Address Spoofing ====
	22	- Validates IPs against private ranges
	23	- Filters proxy-provided IPs appropriately
	24	- Configurable reverse proxy trust
45	25
46		Purpose: Initializes the Http object and sets up HTTP session handling.
	26	==== 2. Session Security ====
	27	- Binds sessions to IP address
	28	- Binds sessions to TLS status
	29	- Supports both file and database storage
	30	- HttpOnly cookies by default
47	31
48		Parameters:
49		- `$db` - Database object reference
	32	==== 3. TLS Enforcement ====
	33	- Automatic HTTPS upgrade when configured
	34	- Marks TLS sessions to prevent downgrade attacks
	35	- HSTS header support
50	36
51		Initialization Steps:
52		1. Stores database reference
53		2. Extracts and normalizes REQUEST_URI
54		3. Detects TLS/HTTPS session status
55		4. Determines client's real IP address
56		5. Sets up TLS mark cookie name
57		6. Enforces TLS session upgrade if needed
	37	==== 4. Content Security ====
	38	- CSP headers to prevent XSS
	39	- X-Frame-Options to prevent clickjacking
	40	- X-Content-Type-Options to prevent MIME sniffing
	41	- Referrer-Policy control
	42	- Permissions-Policy for browser features
58	43
59		Example:
60		```php
61		$http = new Http($db);
62		```
	44	==== 5. File Serving ====
	45	- Validates file existence and readability
	46	- Prevents directory traversal via ##realpath()##
	47	- Rejects symbolic links
	48	- Special CSP for SVG and PDF files
63	49
64		---
	50	==== 6. Cache Security ====
	51	- Cached only for anonymous users
	52	- Disabled for sensitive operations (edit, watch)
	53	- Only GET requests cached
65	54
66		~~## Core Methods~~
	55	----
67	56
68		~~### Session Management~~
	57	=== Performance Optimization ===
69	58
70		#### `session($route): void`
71		Initializes the session handler (file-based or database-based).
	59	==== 1. Page Caching ====
	60	- Stores full HTML output
	61	- TTL-based expiration
	62	- Language and method-aware caching
	63	- Conditional request support (304 Not Modified)
72	64
73		~~Parameters:~~
74		~~- `$route` (int) - Routing flag:~~
75		- ~~Bit 2 (`$route & 2`): Enable static mode for files/freecap (disables replay prevention and ID regeneration)~~
	65	==== 2. MIME Type Caching ====
	66	- Loads MIME types once and caches
	67	- Regenerates only when config changes
76	68
77		Features:
78		- Selects storage backend (file or database)
79		- Configures cookie settings (security, path, httponly)
80		- Binds IP and TLS validation
81		- Recovers diagnostic logs from previous session
	69	==== 3. Session Options ====
	70	- File-based sessions for simple deployments
	71	- Database sessions for distributed systems
82	72
83		Example:
84		```php
85		$http->session(0); // Normal session
86		$http->session(2); // Static file serving mode
87		```
	73	==== 4. Compression ====
	74	- Manual gzip implementation
	75	- Proper Content-Length generation
	76	- Only compresses appropriate sizes
88	77
89		---
	78	----
90	79
91		### Caching System
92
93		#### `check_cache($page, $method): void`
94		Determines if a page can be cached and prepares the cache check.
95
96		Parameters:
97		- `$page` (string) - Page name to cache
98		- `$method` (string) - Request method/action (e.g., 'show', 'edit')
99
100		Caching Rules:
101		- ✅ Enabled for GET requests only
102		- ✅ Disabled for POST requests
103		- ❌ Never cached for 'edit' or 'watch' methods
104		- ✅ Only cached for anonymous users (no logged-in users)
105
106		Example:
107		```php
108		$http->check_cache('HomePage', 'show');
109		```
110
111		---
112
113		#### `store_cache(): void`
114		Saves the generated page content to cache file.
115
116		Features:
117		- Retrieves output buffer content
118		- Saves to cache file with proper permissions
119		- Records cache metadata in database
120		- Only executes if caching flag is set and user is anonymous
121
122		Example:
123		```php
124		// Called at end of page rendering
125		$http->store_cache();
126		```
127
128		---
129
130		#### `invalidate_page($page): int`
131		Invalidates all cached versions of a page.
132
133		Parameters:
134		- `$page` (string) - Page name to invalidate
135
136		Returns:
137		- Number of cache entries invalidated
138
139		Process:
140		1. Finds all cached versions (different methods/languages)
141		2. Touches files to past timestamp (faster than deletion)
142		3. Removes entries from cache metadata table
143		4. Returns count of invalidated caches
144
145		Example:
146		```php
147		$count = $http->invalidate_page('HomePage');
148		echo "Invalidated $count cache entries";
149		```
150
151		---
152
153		### TLS/HTTPS Security
154
155		#### `secure_base_url(): void`
156		Switches base URL from HTTP to HTTPS.
157
158		Purpose:
159		- Ensures all subsequent URLs use HTTPS
160		- Stores original HTTP URL for fallback
161		- Called when TLS session is detected
162
163		Example:
164		```php
165		$http->secure_base_url();
166		// $db->base_url now uses https://
167		```
168
169		---
170
171		#### `ensure_tls($url): void`
172		Enforces HTTPS for a specific URL and redirects if necessary.
173
174		Parameters:
175		- `$url` (string) - URL to secure
176
177		Behavior:
178		- If not already HTTPS and TLS is enabled, forces HTTPS redirect
179		- Handles both relative and absolute URLs
180		- Converts relative URLs using current server name
181
182		Example:
183		```php
184		$http->ensure_tls('/secure/payment');
185		```
186
187		---
188
189		### IP Address Detection
190
191		#### `real_ip(): string` (Private)
192		Detects client's real IP address accounting for proxies.
193
194		Proxy Headers Checked (in order):
195		1. `HTTP_X_CLUSTER_CLIENT_IP`
196		2. `HTTP_X_FORWARDED_FOR` (or custom header)
197		3. `HTTP_CLIENT_IP`
198		4. `HTTP_X_REMOTE_ADDR`
199		5. `REMOTE_ADDR` (fallback)
200
201		Features:
202		- Filters out private/reserved IP ranges
203		- Respects configured reverse proxy addresses
204		- Returns `'0.0.0.0'` as fallback
205
206		Configuration in Database:
207		- `reverse_proxy_addresses` - Comma/space-separated proxy IPs
208		- `reverse_proxy_header` - Custom header name (default: `X-Forwarded-For`)
209
210		Example:
211		```php
212		$client_ip = $http->ip; // e.g., "203.0.113.42"
213		```
214
215		---
216
217		### HTTPS Detection
218
219		#### `tls_session(): bool` (Private)
220		Detects if current connection uses HTTPS/TLS.
221
222		Checks (any being true = HTTPS):
223		- `$_SERVER['HTTPS']` is 'on'
224		- `$_SERVER['SERVER_PORT']` is 443
225		- `$_SERVER['HTTP_X_FORWARDED_PROTO']` is 'https'
226		- `$_SERVER['HTTP_X_FORWARDED_SSL']` is 'on'
227		- `$_SERVER['HTTP_X_FORWARDED_PORT']` is 443
228
229		---
230
231		### Security Headers
232
233		#### `http_security_headers(): void`
234		Sets security-related HTTP headers.
235
236		Headers Set:
237
238		\| Header \| Purpose \| Config Key \|
239		\|--------\|---------\|------------\|
240		\| Content-Security-Policy \| XSS/injection protection \| `csp` \|
241		\| Permissions-Policy \| Control browser features \| `permissions_policy` \|
242		\| Referrer-Policy \| Control referrer information \| `referrer_policy` \|
243		\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|
244		\| X-Frame-Options \| Clickjacking protection \| Hardcoded: `SAMEORIGIN` \|
245		\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: `nosniff` \|
246
247		CSP Configuration Options:
248		- `0` - Disabled
249		- `1` - Default policy (from `csp.conf`)
250		- `2` - Custom policy (from `csp_custom.conf`)
251
252		Example:
253		```php
254		$http->http_security_headers();
255		```
256
257		---
258
259		### HTTP Methods
260
261		#### `redirect($url, $permanent = false): void`
262		Performs an HTTP redirect.
263
264		Parameters:
265		- `$url` (string) - Target URL
266		- `$permanent` (bool) - Use 301 (permanent) vs 302 (temporary)
267
268		Features:
269		- Decodes `&` entities to prevent broken redirects
270		- Only works if headers not yet sent
271		- Uses output buffering to work anywhere in page processing
272
273		Example:
274		```php
275		$http->redirect('http://example.com/new-page', true); // 301
276		$http->redirect('/wiki/HomePage'); // 302
277		```
278
279		---
280
281		#### `terminate(): void`
282		Safe exit/die with cleanup.
283
284		Cleanup Operations:
285		- Saves diagnostic logs to session flash data
286		- Ends script execution
287
288		Example:
289		```php
290		$http->terminate();
291		```
292
293		---
294
295		#### `status($code): void`
296		Sets HTTP response status code.
297
298		Supported Status Codes:
299		```php
300		200 => 'OK'
301		206 => 'Partial Content'
302		301 => 'Moved Permanently'
303		302 => 'Moved Temporarily'
304		304 => 'Not Modified'
305		400 => 'Bad Request'
306		401 => 'Unauthorized'
307		403 => 'Forbidden'
308		404 => 'Not Found'
309		405 => 'Method Not Allowed'
310		409 => 'Conflict'
311		410 => 'Gone'
312		416 => 'Requested Range Not Satisfiable'
313		500 => 'Internal Server Error'
314		501 => 'Not Implemented'
315		503 => 'Service Unavailable'
316		```
317
318		Example:
319		```php
320		$http->status(404); // Send 404 Not Found
321		```
322
323		---
324
325		### Caching Control
326
327		#### `no_cache($client_only = true): void`
328		Disables caching of the current page.
329
330		Parameters:
331		- `$client_only` (bool, default: TRUE)
332		- `TRUE`: Disable browser cache only
333		- `FALSE`: Disable both browser and server cache
334
335		Headers Set:
336		- `Last-Modified: <current-time>` (always fresh)
337		- `Cache-Control: no-store`
338
339		Example:
340		```php
341		$http->no_cache(); // Client-side only
342		$http->no_cache(false); // Both client & server
343		```
344
345		---
346
347		#### `cache_promisc(): void`
348		Marks page as publicly cacheable.
349
350		Headers Set:
351		- `Cache-Control: public`
352
353		Example:
354		```php
355		$http->cache_promisc();
356		```
357
358		---
359
360		### Language Negotiation
361
362		#### `user_agent_language(): string`
363		Determines best language based on browser preferences.
364
365		Features:
366		- Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
367		- Parses `Accept-Language` header with quality factors
368		- Attempts exact match first, then language fallback
369		- Falls back to default system language
370
371		Example Header:
372		```
373		Accept-Language: en-US,en;q=0.9,de;q=0.8
374		```
375
376		Returns:
377		- Language code (e.g., 'en', 'en-US', 'de')
378
379		---
380
381		#### `available_languages($subset = true): array`
382		Returns list of available language translations.
383
384		Parameters:
385		- `$subset` (bool, default: TRUE)
386		- `TRUE`: Only allowed languages
387		- `FALSE`: All available languages
388
389		Features:
390		- Scans `LANG_DIR` for language files
391		- Filters by `allowed_languages` config if set
392		- Caches result in session
393		- System language always included
394
395		Returns:
396		- Associative array: `['en' => 'en', 'de' => 'de', ...]`
397
398		Example:
399		```php
400		$all_langs = $http->available_languages(false);
401		$allowed = $http->available_languages(true);
402		```
403
404		---
405
406		### File Serving
407
408		#### `sendfile($path, $filename = null, $age = null): void`
409		Serves files with proper HTTP headers and caching.
410
411		Parameters:
412		- `$path` (string) - File path (or HTTP_XXX constant for error pages)
413		- `$filename` (string, optional) - Custom download filename
414		- `$age` (int, optional) - Cache age in days
415
416		Features:
417		- HTTP range request support (partial file downloads)
418		- ETag and Last-Modified conditional requests
419		- Proper MIME type detection
420		- Content-Security-Policy for special file types
421		- Streaming for large files
422		- GZip compression for text files
423
424		Special Paths:
425		```php
426		$http->sendfile(404); // Serves file defined by HTTP_404 constant
427		$http->sendfile(403); // Serves file defined by HTTP_403 constant
428		```
429
430		Example:
431		```php
432		$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
433		```
434
435		---
436
437		#### `mime_type($path): string`
438		Returns MIME type for a file.
439
440		Returns:
441		- MIME type string (e.g., 'application/pdf')
442		- Default: `'application/octet-stream'`
443
444		Example:
445		```php
446		$mime = $http->mime_type('file.pdf'); // 'application/pdf'
447		```
448
449		---
450
451		#### `mime_types(): array` (Private)
452		Loads and caches MIME types from configuration.
453
454		Features:
455		- Reads from `config/mime.types`
456		- Caches to `cache/config/mime.types`
457		- Reloads if config is updated
458
459		---
460
461		### Compression
462
463		#### `gzip(): void`
464		Compresses HTTP response with gzip/x-gzip.
465
466		Features:
467		- Manually implements gzip (not relying on zlib.output_compression)
468		- Produces correct `Content-Length` header
469		- Only compresses if:
470		- 860 bytes < content < 1 MB
471		- Client accepts compression
472		- Headers not already sent
473
474		Example:
475		```php
476		$http->gzip();
477		```
478
479		---
480
481		### Utility Methods
482
483		#### `parse_str($str): array` (Private)
484		Parses URL-encoded strings with special character handling.
485
486		Purpose:
487		- Safely handles special characters in query/form data
488		- Converts encoding properly
489
490		Example:
491		```php
492		$data = $http->parse_str('name=John&age=30');
493		```
494
495		---
496
497		#### `request_uri(): string` (Private)
498		Extracts and normalizes REQUEST_URI from server.
499
500		Normalization:
501		- Removes base URL prefix
502		- Removes spaces
503		- Collapses multiple slashes
504		- Removes `..` path traversal attempts
505		- Removes leading/trailing slashes
506
507		---
508
509		#### `cut_prefix($prefix, $path): string` (Private)
510		Removes prefix from path (case-insensitive).
511
512		---
513
514		#### `get_header_conf($file_name): string` (Private)
515		Loads security header configuration from files.
516
517		Files Supported:
518		- `csp.conf` / `csp_custom.conf`
519		- `permissions_policy.conf` / `permissions_policy_custom.conf`
520
521		---
522
523		## Configuration Dependencies
524
525		The class relies on these database configuration settings:
526
527		\| Setting \| Type \| Purpose \|
528		\|---------\|------\|---------\|
529		\| `base_url` \| string \| Wiki's base URL \|
530		\| `tls` \| bool \| Enable HTTPS enforcement \|
531		\| `cache` \| bool \| Enable page caching \|
532		\| `cache_ttl` \| int \| Cache lifetime in seconds \|
533		\| `session_store` \| int \| 1=File, 0=Database \|
534		\| `system_seed_hash` \| string \| Session encryption seed \|
535		\| `cookie_prefix` \| string \| Session cookie prefix \|
536		\| `cookie_path` \| string \| Cookie path \|
537		\| `allow_persistent_cookie` \| bool \| Allow persistent login \|
538		\| `session_length` \| int \| Session lifetime in seconds \|
539		\| `reverse_proxy_addresses` \| string \| Comma/space-separated proxy IPs \|
540		\| `reverse_proxy_header` \| string \| Custom X-Forwarded header \|
541		\| `language` \| string \| Default language code \|
542		\| `multilanguage` \| bool \| Enable language negotiation \|
543		\| `allowed_languages` \| string \| Comma/space-separated allowed langs \|
544		\| `enable_security_headers` \| bool \| Send security headers \|
545		\| `csp` \| int \| CSP setting (0/1/2) \|
546		\| `permissions_policy` \| int \| Permissions-Policy setting (0/1/2) \|
547		\| `referrer_policy` \| int \| Referrer-Policy setting (0-8) \|
548
549		---
550
551		## Constants Used
552
553		\| Constant \| Type \| Purpose \|
554		\|----------\|------\|---------\|
555		\| `IN_WACKO` \| bool \| Security check (exit if not defined) \|
556		\| `CHMOD_SAFE` \| int \| File permissions for cache files \|
557		\| `CHMOD_FILE` \| int \| File permissions for config cache \|
558		\| `CACHE_PAGE_DIR` \| string \| Page cache directory \|
559		\| `CACHE_SESSION_DIR` \| string \| Session cache directory \|
560		\| `CACHE_CONFIG_DIR` \| string \| Config cache directory \|
561		\| `CONFIG_DIR` \| string \| Configuration directory \|
562		\| `LANG_DIR` \| string \| Language files directory \|
563		\| `DAYSECS` \| int \| Seconds in a day (86400) \|
564		\| `HTTP_404` \| string \| Path to 404 error page \|
565		\| `HTTP_403` \| string \| Path to 403 error page \|
566
567		---
568
569		## Workflow Examples
570
571		### Example 1: Handling a GET Request
572
573		```php
574		// In main wiki entry point
575		$http = new Http($db);
576		$http->session(0); // Start session
577
578		// Check if page can be served from cache
579		$http->check_cache('HomePage', 'show');
580
581		// ... render page content ...
582
583		// Store rendered page in cache if applicable
584		$http->store_cache();
585
586		// Send security headers
587		$http->http_security_headers();
588
589		// Possibly compress output
590		$http->gzip();
591		```
592
593		### Example 2: Handling TLS/HTTPS Upgrade
594
595		```php
596		$http = new Http($db); // Constructor detects TLS requirement
597		// If TLS is enabled and user wasn't in TLS before:
598		// - Sets TLS session flag
599		// - Marks session with TLS cookie
600		// - Redirects to HTTPS version
601		```
602
603		### Example 3: Invalidating Cache After Page Edit
604
605		```php
606		// User edits a page
607		$http = new Http($db);
608		$count = $http->invalidate_page('HomePage');
609		// All cached versions (different languages, methods) are invalidated
610		```
611
612		### Example 4: Serving a File
613
614		```php
615		$http = new Http($db);
616		$http->session(2); // Static file mode - no session replay prevention
617
618		// Serve with 30-day cache
619		$http->sendfile('uploads/manual.pdf', 'user-manual.pdf', 30);
620		```
621
622		---
623
624		## Security Considerations
625
626		### 1. IP Address Spoofing
627		- Validates IPs against private ranges
628		- Filters proxy-provided IPs appropriately
629		- Configurable reverse proxy trust
630
631		### 2. Session Security
632		- Binds sessions to IP address
633		- Binds sessions to TLS status
634		- Supports both file and database storage
635		- HttpOnly cookies by default
636
637		### 3. TLS Enforcement
638		- Automatic HTTPS upgrade when configured
639		- Marks TLS sessions to prevent downgrade attacks
640		- HSTS header support
641
642		### 4. Content Security
643		- CSP headers to prevent XSS
644		- X-Frame-Options to prevent clickjacking
645		- X-Content-Type-Options to prevent MIME sniffing
646		- Referrer-Policy control
647		- Permissions-Policy for browser features
648
649		### 5. File Serving
650		- Validates file existence and readability
651		- Prevents directory traversal via `realpath()`
652		- Rejects symbolic links
653		- Special CSP for SVG and PDF files
654
655		### 6. Cache Security
656		- Cached only for anonymous users
657		- Disabled for sensitive operations (edit, watch)
658		- Only GET requests cached
659
660		---
661
662		## Performance Optimization
663
664		### 1. Page Caching
665		- Stores full HTML output
666		- TTL-based expiration
667		- Language and method-aware caching
668		- Conditional request support (304 Not Modified)
669
670		### 2. MIME Type Caching
671		- Loads MIME types once and caches
672		- Regenerates only when config changes
673
674		### 3. Session Options
675		- File-based sessions for simple deployments
676		- Database sessions for distributed systems
677
678		### 4. Compression
679		- Manual gzip implementation
680		- Proper Content-Length generation
681		- Only compresses appropriate sizes
682
683		---
684
685		## Debugging
	80	=== Debugging ===
686	81
687	82	The class integrates with WackoWiki's diagnostic system:
688	83
689		~~```~~php
	84	%%php
690	85	// Diagnostic messages are preserved across redirects
691	86	// via session flash data
692	87
693	88	// Check cached pages (debug comments in output):
694	89	// <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->
695		~~```~~
	90	%%
696	91
697		---
	92	----
698	93
699		## Related Classes
	94	=== Related Classes ===
	95	- Session Classes (##SessionFileStore##, ##SessionDbalStore##) - Session management backends
	96	- Database Class - Configuration and cache metadata storage
	97	- Ut Utility Class - String/path utilities
	98	- Diag Class - Diagnostic logging
700	99
701		- Session Classes (`SessionFileStore`, `SessionDbalStore`) - Session management backends
702		- Database Class - Configuration and cache metadata storage
703		- Ut Utility Class - String/path utilities
704		- Diag Class - Diagnostic logging
	100	----
705	101
706		---
	102	=== Version History ===
	103	- Supports PHP 8.0+ (uses match expressions, union types)
	104	- Follows RFC 9110 for HTTP header handling
	105	- Modern cookie security practices
707	106
708		~~## Version History~~
	107	----
709	108
710		- Supports PHP 8.0+ (uses match expressions, union types)
711		- Follows RFC 9110 for HTTP header handling
712		- Modern cookie security practices
	109	=== Conclusion ===
713	110
714		---
715
716		## Conclusion
717
718		The `Http` class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:
719
720		- Extending WackoWiki with custom request handlers
721		- Implementing custom session logic
722		- Adding new security policies
723		- Optimizing cache strategies
724		- Debugging HTTP-related issues
	111	The ##Http## class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:
	112	- Extending WackoWiki with custom request handlers
	113	- Implementing custom session logic
	114	- Adding new security policies
	115	- Optimizing cache strategies
	116	- Debugging HTTP-related issues