[GitHub/WoltLab/woltlab.github.io.git] / 6.0 / migration / wsc53 / session / index.html


<!doctype html>
<html lang="en" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
      
        <link rel="canonical" href="https://docs.woltlab.com/6.0/migration/wsc53/session/">
      
      <link rel="icon" href="../../../assets/default.favicon.ico">
      <meta name="generator" content="mkdocs-1.4.0, mkdocs-material-8.5.4">
    
    
        <title>Session Handling and Authentication - WoltLab Suite Documentation</title>
      
    
      <link rel="stylesheet" href="../../../assets/stylesheets/main.80dcb947.min.css">
      
        
        <link rel="stylesheet" href="../../../assets/stylesheets/palette.cbb835fc.min.css">
        
          
          <meta name="theme-color" content="#009485">
        
      
      <link rel="stylesheet" href="../../../stylesheets/extra.css">
    
    <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
    
      
  </head>
  
  
    <body dir="ltr" data-md-color-scheme="" data-md-color-primary="teal" data-md-color-accent="">
  
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#migrating-from-woltlab-suite-53-session-handling-and-authentication" class="md-skip">
          Skip to content
        </a>
      
    </div>
    <div data-md-component="announce">
      
        <aside class="md-banner">
          <div class="md-banner__inner md-grid md-typeset">
            
            
    <a href="https://www.woltlab.com">Back to <strong>woltlab.com</strong></a>

          </div>
          
        </aside>
      
    </div>
    
      <div data-md-component="outdated" hidden>
        
      </div>
    
    
<header class="md-header" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="Header">
    <a href="../../.." title="WoltLab Suite Documentation" class="md-header__button md-logo" aria-label="WoltLab Suite Documentation" data-md-component="logo">
      
  <img src="../../../assets/logo.png" alt="logo">

    </a>
    <label class="md-header__button md-icon" for="__drawer">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            WoltLab Suite Documentation
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
            
              Session Handling and Authentication
            
          </span>
        </div>
      </div>
    </div>
    
    
      <label class="md-header__button md-icon" for="__search">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
      </label>
      <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="Search">
        
        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
        </button>
      </nav>
      
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            Initializing search
          </div>
          <ol class="md-search-result__list"></ol>
        </div>
      </div>
    </div>
  </div>
</div>
    
    
      <div class="md-header__source">
        <a href="https://github.com/WoltLab/docs.woltlab.com/" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  </div>
  <div class="md-source__repository">
    GitHub
  </div>
</a>
      </div>
    
  </nav>
  
</header>
    
    <div class="md-container" data-md-component="container">
      
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    

<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href="../../.." title="WoltLab Suite Documentation" class="md-nav__button md-logo" aria-label="WoltLab Suite Documentation" data-md-component="logo">
      
  <img src="../../../assets/logo.png" alt="logo">

    </a>
    WoltLab Suite Documentation
  </label>
  
    <div class="md-nav__source">
      <a href="https://github.com/WoltLab/docs.woltlab.com/" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  </div>
  <div class="md-source__repository">
    GitHub
  </div>
</a>
    </div>
  
  <ul class="md-nav__list" data-md-scrollfix>
    
      
    <li class="md-nav__item">
      <a href="../../../getting-started/" class="md-nav__link">
        Getting Started
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" >
      
      
        <label class="md-nav__link" for="__nav_2">
          PHP API
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="PHP API" data-md-level="1">
        <label class="md-nav__title" for="__nav_2">
          <span class="md-nav__icon md-icon"></span>
          PHP API
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../php/pages/" class="md-nav__link">
        Pages
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/database-objects/" class="md-nav__link">
        Database Objects
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/database-access/" class="md-nav__link">
        Database Access
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/exceptions/" class="md-nav__link">
        Exceptions
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5" type="checkbox" id="__nav_2_5" >
      
      
        <label class="md-nav__link" for="__nav_2_5">
          API
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="API" data-md-level="2">
        <label class="md-nav__title" for="__nav_2_5">
          <span class="md-nav__icon md-icon"></span>
          API
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5_1" type="checkbox" id="__nav_2_5_1" >
      
      
        <label class="md-nav__link" for="__nav_2_5_1">
          Caches
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Caches" data-md-level="3">
        <label class="md-nav__title" for="__nav_2_5_1">
          <span class="md-nav__icon md-icon"></span>
          Caches
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../php/api/caches/" class="md-nav__link">
        Overview
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/caches_persistent-caches/" class="md-nav__link">
        Persistent Caches
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/caches_runtime-caches/" class="md-nav__link">
        Runtime Caches
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/comments/" class="md-nav__link">
        Comments
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/cronjobs/" class="md-nav__link">
        Cronjobs
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/events/" class="md-nav__link">
        Events
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5_5" type="checkbox" id="__nav_2_5_5" >
      
      
        <label class="md-nav__link" for="__nav_2_5_5">
          Form Builder
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Form Builder" data-md-level="3">
        <label class="md-nav__title" for="__nav_2_5_5">
          <span class="md-nav__icon md-icon"></span>
          Form Builder
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../php/api/form_builder/overview/" class="md-nav__link">
        Overview
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/form_builder/structure/" class="md-nav__link">
        Structure
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/form_builder/form_fields/" class="md-nav__link">
        Fields
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/form_builder/validation_data/" class="md-nav__link">
        Validation and Data
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/form_builder/dependencies/" class="md-nav__link">
        Dependencies
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/package_installation_plugins/" class="md-nav__link">
        Package Installation Plugins
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/user_activity_points/" class="md-nav__link">
        User Activity Points
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/user_notifications/" class="md-nav__link">
        User Notifications
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/api/sitemaps/" class="md-nav__link">
        Sitemaps
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/code-style/" class="md-nav__link">
        Code Style
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/apps/" class="md-nav__link">
        Apps
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../php/gdpr/" class="md-nav__link">
        GDPR
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
      
      
        <label class="md-nav__link" for="__nav_3">
          Languages, Templates & CSS
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Languages, Templates & CSS" data-md-level="1">
        <label class="md-nav__title" for="__nav_3">
          <span class="md-nav__icon md-icon"></span>
          Languages, Templates & CSS
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../view/languages/" class="md-nav__link">
        Languages
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../view/templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../view/template-plugins/" class="md-nav__link">
        Template Plugins
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../view/css/" class="md-nav__link">
        CSS
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
      
      
        <label class="md-nav__link" for="__nav_4">
          TypeScript and JavaScript API
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="TypeScript and JavaScript API" data-md-level="1">
        <label class="md-nav__title" for="__nav_4">
          <span class="md-nav__icon md-icon"></span>
          TypeScript and JavaScript API
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../javascript/general-usage/" class="md-nav__link">
        General Usage
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/typescript/" class="md-nav__link">
        TypeScript
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4_3" type="checkbox" id="__nav_4_3" >
      
      
        <label class="md-nav__link" for="__nav_4_3">
          Components
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Components" data-md-level="2">
        <label class="md-nav__title" for="__nav_4_3">
          <span class="md-nav__icon md-icon"></span>
          Components
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../javascript/components_confirmation/" class="md-nav__link">
        Confirmation
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/components_dialog/" class="md-nav__link">
        Dialog
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4_4" type="checkbox" id="__nav_4_4" >
      
      
        <label class="md-nav__link" for="__nav_4_4">
          New API
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="New API" data-md-level="2">
        <label class="md-nav__title" for="__nav_4_4">
          <span class="md-nav__icon md-icon"></span>
          New API
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../javascript/new-api_writing-a-module/" class="md-nav__link">
        Writing a module
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_data-structures/" class="md-nav__link">
        Data Structures
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_core/" class="md-nav__link">
        Core Functions
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_dom/" class="md-nav__link">
        DOM
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_events/" class="md-nav__link">
        Event Handling
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_ajax/" class="md-nav__link">
        Ajax
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_dialogs/" class="md-nav__link">
        Dialogs
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_browser/" class="md-nav__link">
        Browser and Screen Sizes
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/new-api_ui/" class="md-nav__link">
        User Interface
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/legacy-api/" class="md-nav__link">
        Legacy API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/helper-functions/" class="md-nav__link">
        Helper Functions
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../javascript/code-snippets/" class="md-nav__link">
        Code Snippets
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" >
      
      
        <label class="md-nav__link" for="__nav_5">
          Package Components
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Package Components" data-md-level="1">
        <label class="md-nav__title" for="__nav_5">
          <span class="md-nav__icon md-icon"></span>
          Package Components
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../package/package-xml/" class="md-nav__link">
        package.xml
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_2" type="checkbox" id="__nav_5_2" >
      
      
        <label class="md-nav__link" for="__nav_5_2">
          PIPs
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="PIPs" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_2">
          <span class="md-nav__icon md-icon"></span>
          PIPs
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../package/pip/" class="md-nav__link">
        Overview
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/acl-option/" class="md-nav__link">
        aclOption
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/acp-menu/" class="md-nav__link">
        acpMenu
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/acp-search-provider/" class="md-nav__link">
        acpSearchProvider
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/acp-template/" class="md-nav__link">
        acpTemplate
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/acp-template-delete/" class="md-nav__link">
        acpTemplateDelete
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/bbcode/" class="md-nav__link">
        bbcode
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/box/" class="md-nav__link">
        box
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/clipboard-action/" class="md-nav__link">
        clipboardAction
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/core-object/" class="md-nav__link">
        coreObject
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/cronjob/" class="md-nav__link">
        cronjob
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/database/" class="md-nav__link">
        database
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/event-listener/" class="md-nav__link">
        eventListener
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/file/" class="md-nav__link">
        file
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/file-delete/" class="md-nav__link">
        fileDelete
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/language/" class="md-nav__link">
        language
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/media-provider/" class="md-nav__link">
        mediaProvider
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/menu/" class="md-nav__link">
        menu
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/menu-item/" class="md-nav__link">
        menuItem
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/object-type/" class="md-nav__link">
        objectType
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/object-type-definition/" class="md-nav__link">
        objectTypeDefinition
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/option/" class="md-nav__link">
        option
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/page/" class="md-nav__link">
        page
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/pip/" class="md-nav__link">
        pip
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/script/" class="md-nav__link">
        script
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/smiley/" class="md-nav__link">
        smiley
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/sql/" class="md-nav__link">
        sql
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/style/" class="md-nav__link">
        style
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/template/" class="md-nav__link">
        template
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/template-delete/" class="md-nav__link">
        templateDelete
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/template-listener/" class="md-nav__link">
        templateListener
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/user-group-option/" class="md-nav__link">
        userGroupOption
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/user-menu/" class="md-nav__link">
        userMenu
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/user-notification-event/" class="md-nav__link">
        userNotificationEvent
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/user-option/" class="md-nav__link">
        userOption
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/pip/user-profile-menu/" class="md-nav__link">
        userProfileMenu
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../package/database-php-api/" class="md-nav__link">
        Database PHP API
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" type="checkbox" id="__nav_6" checked>
      
      
        <label class="md-nav__link" for="__nav_6">
          Migration
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Migration" data-md-level="1">
        <label class="md-nav__title" for="__nav_6">
          <span class="md-nav__icon md-icon"></span>
          Migration
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_1" type="checkbox" id="__nav_6_1" >
      
      
        <label class="md-nav__link" for="__nav_6_1">
          From WoltLab Suite 5.5
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 5.5" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_1">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 5.5
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wsc55/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc55/javascript/" class="md-nav__link">
        TypeScript and JavaScript
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc55/templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc55/icons/" class="md-nav__link">
        Icons
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc55/libraries/" class="md-nav__link">
        Third Party Libraries
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc55/deprecations_removals/" class="md-nav__link">
        Deprecations and Removals
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_2" type="checkbox" id="__nav_6_2" >
      
      
        <label class="md-nav__link" for="__nav_6_2">
          From WoltLab Suite 5.4
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 5.4" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_2">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 5.4
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wsc54/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc54/javascript/" class="md-nav__link">
        TypeScript and JavaScript
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc54/templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc54/libraries/" class="md-nav__link">
        Third Party Libraries
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc54/deprecations_removals/" class="md-nav__link">
        Deprecations and Removals
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_3" type="checkbox" id="__nav_6_3" checked>
      
      
        <label class="md-nav__link" for="__nav_6_3">
          From WoltLab Suite 5.3
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 5.3" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_3">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 5.3
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item md-nav__item--active">
      
      <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
      
      
        <label class="md-nav__link md-nav__link--active" for="__toc">
          Session Handling and Authentication
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <a href="./" class="md-nav__link md-nav__link--active">
        Session Handling and Authentication
      </a>
      
        
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#summary-and-concepts" class="md-nav__link">
    Summary and Concepts
  </a>
  
    <nav class="md-nav" aria-label="Summary and Concepts">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#legacy-persistent-login" class="md-nav__link">
    Legacy Persistent Login
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#multiple-sessions" class="md-nav__link">
    Multiple Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#merged-acp-and-frontend-sessions" class="md-nav__link">
    Merged ACP and Frontend Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#improved-authentication-and-reauthentication" class="md-nav__link">
    Improved Authentication and Reauthentication
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#additions-and-changes" class="md-nav__link">
    Additions and Changes
  </a>
  
    <nav class="md-nav" aria-label="Additions and Changes">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#password-hashing" class="md-nav__link">
    Password Hashing
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#session-storage" class="md-nav__link">
    Session Storage
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#reauthentication" class="md-nav__link">
    Reauthentication
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#multi-factor-authentication" class="md-nav__link">
    Multi-factor Authentication
  </a>
  
    <nav class="md-nav" aria-label="Multi-factor Authentication">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#adding-multi-factor-methods" class="md-nav__link">
    Adding Multi-factor Methods
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#enforcing-multi-factor-authentication" class="md-nav__link">
    Enforcing Multi-factor Authentication
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#deprecations-and-removals" class="md-nav__link">
    Deprecations and Removals
  </a>
  
    <nav class="md-nav" aria-label="Deprecations and Removals">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#sessionhandler" class="md-nav__link">
    SessionHandler
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#acp-sessions" class="md-nav__link">
    ACP Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#cookies" class="md-nav__link">
    Cookies
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#virtual-sessions" class="md-nav__link">
    Virtual Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#security-token-constants" class="md-nav__link">
    Security Token Constants
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#passwordutil-and-double-bcrypt-hashes" class="md-nav__link">
    PasswordUtil and Double BCrypt Hashes
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
      
    </li>
  

    <li class="md-nav__item">
      <a href="../javascript/" class="md-nav__link">
        TypeScript and JavaScript
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../libraries/" class="md-nav__link">
        Third Party Libraries
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_4" type="checkbox" id="__nav_6_4" >
      
      
        <label class="md-nav__link" for="__nav_6_4">
          From WoltLab Suite 5.2
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 5.2" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_4">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 5.2
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wsc52/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc52/templates/" class="md-nav__link">
        Templates and Languages
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc52/libraries/" class="md-nav__link">
        Third Party Libraries
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_5" type="checkbox" id="__nav_6_5" >
      
      
        <label class="md-nav__link" for="__nav_6_5">
          From WoltLab Suite 3.1
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 3.1" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_5">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 3.1
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wsc31/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_6" type="checkbox" id="__nav_6_6" >
      
      
        <label class="md-nav__link" for="__nav_6_6">
          From WoltLab Suite 3.0
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WoltLab Suite 3.0" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_6">
          <span class="md-nav__icon md-icon"></span>
          From WoltLab Suite 3.0
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wsc30/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc30/javascript/" class="md-nav__link">
        JavaScript API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc30/templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc30/css/" class="md-nav__link">
        CSS
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wsc30/package/" class="md-nav__link">
        Package Components
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_7" type="checkbox" id="__nav_6_7" >
      
      
        <label class="md-nav__link" for="__nav_6_7">
          From WCF 2.1
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="From WCF 2.1" data-md-level="2">
        <label class="md-nav__title" for="__nav_6_7">
          <span class="md-nav__icon md-icon"></span>
          From WCF 2.1
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../wcf21/php/" class="md-nav__link">
        PHP API
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wcf21/templates/" class="md-nav__link">
        Templates
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wcf21/css/" class="md-nav__link">
        CSS
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../wcf21/package/" class="md-nav__link">
        Package Components
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

        </ul>
      </nav>
    </li>
  

    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7" type="checkbox" id="__nav_7" >
      
      
        <label class="md-nav__link" for="__nav_7">
          Tutorials
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Tutorials" data-md-level="1">
        <label class="md-nav__title" for="__nav_7">
          <span class="md-nav__icon md-icon"></span>
          Tutorials
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7_1" type="checkbox" id="__nav_7_1" >
      
      
        <label class="md-nav__link" for="__nav_7_1">
          Tutorial Series
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <nav class="md-nav" aria-label="Tutorial Series" data-md-level="2">
        <label class="md-nav__title" for="__nav_7_1">
          <span class="md-nav__icon md-icon"></span>
          Tutorial Series
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
    <li class="md-nav__item">
      <a href="../../../tutorial/series/overview/" class="md-nav__link">
        Overview
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_1/" class="md-nav__link">
        Part 1
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_2/" class="md-nav__link">
        Part 2
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_3/" class="md-nav__link">
        Part 3
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_4/" class="md-nav__link">
        Part 4
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_5/" class="md-nav__link">
        Part 5
      </a>
    </li>
  

    <li class="md-nav__item">
      <a href="../../../tutorial/series/part_6/" class="md-nav__link">
        Part 6
      </a>
    </li>
  

        </ul>
      </nav>
    </li>
  

        </ul>
      </nav>
    </li>
  

  </ul>
</nav>
                  </div>
                </div>
              </div>
            
            
              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    

<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#summary-and-concepts" class="md-nav__link">
    Summary and Concepts
  </a>
  
    <nav class="md-nav" aria-label="Summary and Concepts">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#legacy-persistent-login" class="md-nav__link">
    Legacy Persistent Login
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#multiple-sessions" class="md-nav__link">
    Multiple Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#merged-acp-and-frontend-sessions" class="md-nav__link">
    Merged ACP and Frontend Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#improved-authentication-and-reauthentication" class="md-nav__link">
    Improved Authentication and Reauthentication
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#additions-and-changes" class="md-nav__link">
    Additions and Changes
  </a>
  
    <nav class="md-nav" aria-label="Additions and Changes">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#password-hashing" class="md-nav__link">
    Password Hashing
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#session-storage" class="md-nav__link">
    Session Storage
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#reauthentication" class="md-nav__link">
    Reauthentication
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#multi-factor-authentication" class="md-nav__link">
    Multi-factor Authentication
  </a>
  
    <nav class="md-nav" aria-label="Multi-factor Authentication">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#adding-multi-factor-methods" class="md-nav__link">
    Adding Multi-factor Methods
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#enforcing-multi-factor-authentication" class="md-nav__link">
    Enforcing Multi-factor Authentication
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#deprecations-and-removals" class="md-nav__link">
    Deprecations and Removals
  </a>
  
    <nav class="md-nav" aria-label="Deprecations and Removals">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#sessionhandler" class="md-nav__link">
    SessionHandler
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#acp-sessions" class="md-nav__link">
    ACP Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#cookies" class="md-nav__link">
    Cookies
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#virtual-sessions" class="md-nav__link">
    Virtual Sessions
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#security-token-constants" class="md-nav__link">
    Security Token Constants
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#passwordutil-and-double-bcrypt-hashes" class="md-nav__link">
    PasswordUtil and Double BCrypt Hashes
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
                  </div>
                </div>
              </div>
            
          
            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">
                
                  
  <a href="https://github.com/WoltLab/docs.woltlab.com/edit/6.0/docs/migration/wsc53/session.md" title="Edit this page" class="md-content__button md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25Z"/></svg>
  </a>


<h1 id="migrating-from-woltlab-suite-53-session-handling-and-authentication">Migrating from WoltLab Suite 5.3 - Session Handling and Authentication<a class="headerlink" href="#migrating-from-woltlab-suite-53-session-handling-and-authentication" title="Permanent link">#</a></h1>
<p>WoltLab Suite 5.4 includes a completely refactored session handling.
As long as you only interact with sessions via <code>WCF::getSession()</code>, especially when you perform read-only accesses, you should not notice any breaking changes.</p>
<p>You might appreciate some of the new session methods if you process security sensitive data.</p>
<h2 id="summary-and-concepts">Summary and Concepts<a class="headerlink" href="#summary-and-concepts" title="Permanent link">#</a></h2>
<p>Most of the changes revolve around the removal of the legacy persistent login functionality and the assumption that every user has a single session only.
Both aspects are related to each other.</p>
<h3 id="legacy-persistent-login">Legacy Persistent Login<a class="headerlink" href="#legacy-persistent-login" title="Permanent link">#</a></h3>
<p>The legacy persistent login was rather an automated login.
Upon bootstrapping a session, it was checked whether the user had a cookie pair storing the user’s <code>userID</code> and (a single BCrypt hash of) the user’s password.
If such a cookie pair exists and the BCrypt hash within the cookie matches the user’s password hash when hashed again, the session would immediately <code>changeUser()</code> to the respective user.</p>
<p>This legacy persistent login was completely removed.
Instead, any sessions that belong to an authenticated user will automatically be long-lived.
These long-lived sessions expire no sooner than 14 days after the last activity, ensuring that the user continously stays logged in, provided that they visit the page at least once per fortnight.</p>
<h3 id="multiple-sessions">Multiple Sessions<a class="headerlink" href="#multiple-sessions" title="Permanent link">#</a></h3>
<p>To allow for a proper separation of these long-lived user sessions, WoltLab Suite now allows for multiple sessions per user.
These sessions are completely unrelated to each other.
Specifically, they do not share session variables and they expire independently.</p>
<p>As the existing <code>wcf1_session</code> table is also used for the online lists and location tracking, it will be maintained on a best effort basis.
It no longer stores any private session data.</p>
<p>The actual sessions storing security sensitive information are in an unrelated location.
They must only be accessed via the PHP API exposed by the <code>SessionHandler</code>.</p>
<h3 id="merged-acp-and-frontend-sessions">Merged ACP and Frontend Sessions<a class="headerlink" href="#merged-acp-and-frontend-sessions" title="Permanent link">#</a></h3>
<p>WoltLab Suite 5.4 shares a single session across both the frontend, as well as the ACP.
When a user logs in to the frontend, they will also be logged into the ACP and vice versa.</p>
<p>Actual access to the ACP is controlled via the new <a href="#reauthentication">reauthentication mechanism</a>.</p>
<p>The session variable store is scoped:
Session variables set within the frontend are not available within the ACP and vice versa.</p>
<h3 id="improved-authentication-and-reauthentication">Improved Authentication and Reauthentication<a class="headerlink" href="#improved-authentication-and-reauthentication" title="Permanent link">#</a></h3>
<p>WoltLab Suite 5.4 ships with multi-factor authentication support and a generic re-authentication implementation that can be used to verify the account owner’s presence.</p>
<h2 id="additions-and-changes">Additions and Changes<a class="headerlink" href="#additions-and-changes" title="Permanent link">#</a></h2>
<h3 id="password-hashing">Password Hashing<a class="headerlink" href="#password-hashing" title="Permanent link">#</a></h3>
<p>WoltLab Suite 5.4 includes a new object-oriented password hashing framework that is modeled after PHP’s <code>password_*</code> API.
Check <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/authentication/password/PasswordAlgorithmManager.class.php"><code>PasswordAlgorithmManager</code></a> and <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/authentication/password/IPasswordAlgorithm.class.php"><code>IPasswordAlgorithm</code></a> for details.</p>
<p>The new default password hash is a standard BCrypt hash.
All newly generated hashes in <code>wcf1_user.password</code> will now include a type prefix, instead of just passwords imported from other systems.</p>
<h3 id="session-storage">Session Storage<a class="headerlink" href="#session-storage" title="Permanent link">#</a></h3>
<p>The <code>wcf1_session</code> table will no longer be used for session storage.
Instead, it is maintained for compatibility with existing online lists.</p>
<p>The actual session storage is considered an implementation detail and you <em>must not</em> directly interact with the session tables.
Future versions might support alternative session backends, such as Redis.</p>
<div class="admonition warning">
<p class="admonition-title">Do not interact directly with the session database tables but only via the <code>SessionHandler</code> class!</p>
</div>
<h3 id="reauthentication">Reauthentication<a class="headerlink" href="#reauthentication" title="Permanent link">#</a></h3>
<p>For security sensitive processing, you might want to ensure that the account owner is actually present instead of a third party accessing a session that was accidentally left logged in.</p>
<p>WoltLab Suite 5.4 ships with a generic reauthentication framework.
To request reauthentication within your controller you need to:</p>
<ol>
<li>Use the <code>wcf\system\user\authentication\TReauthenticationCheck</code> trait.</li>
<li>Call:
   <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nv">$this</span><span class="o">-&gt;</span><span class="na">requestReauthentication</span><span class="p">(</span><span class="nx">LinkHandler</span><span class="o">::</span><span class="na">getInstance</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">getControllerLink</span><span class="p">(</span><span class="k">static</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="p">[</span>
 <span class="cm">/* additional parameters */</span>
<span class="p">]));</span>
</code></pre></div></td></tr></table></div></li>
</ol>
<p><code>requestReauthentication()</code> will check if the user has recently authenticated themselves.
If they did, the request proceeds as usual.
Otherwise, they will be asked to reauthenticate themselves.
After the successful authentication, they will be redirected to the URL that was passed as the first parameter (the current controller within the example).</p>
<p>Details can be found in <a href="https://github.com/WoltLab/WCF/pull/3775">WoltLab/WCF#3775</a>.</p>
<h3 id="multi-factor-authentication">Multi-factor Authentication<a class="headerlink" href="#multi-factor-authentication" title="Permanent link">#</a></h3>
<p>To implement multi-factor authentication securely, WoltLab Suite 5.4 implements the concept of a “pending user change”.
The user will not be logged in (i.e. <code>WCF::getUser()-&gt;userID</code> returns <code>null</code>) until they authenticate themselves with their second factor.</p>
<p>Requesting multi-factor authentication is done on an opt-in basis for compatibility reasons.
If you perform authentication yourself and do not trust the authentication source to perform multi-factor authentication itself, you will need to adjust your logic to request multi-factor authentication from WoltLab Suite:</p>
<p>Previously:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nx">WCF</span><span class="o">::</span><span class="na">getSession</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">changeUser</span><span class="p">(</span><span class="nv">$targetUser</span><span class="p">);</span>
</code></pre></div></td></tr></table></div>
<p>Now:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nv">$isPending</span> <span class="o">=</span> <span class="nx">WCF</span><span class="o">::</span><span class="na">getSession</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">changeUserAfterMultifactorAuthentication</span><span class="p">(</span><span class="nv">$targetUser</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$isPending</span><span class="p">)</span> <span class="p">{</span>
    <span class="c1">// Redirect to the authentication form. The user will not be logged in.</span>
    <span class="c1">// Note: Do not use `getControllerLink` to support both the frontend as well as the ACP.</span>
    <span class="nx">HeaderUtil</span><span class="o">::</span><span class="na">redirect</span><span class="p">(</span><span class="nx">LinkHandler</span><span class="o">::</span><span class="na">getInstance</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">getLink</span><span class="p">(</span><span class="s1">&#39;MultifactorAuthentication&#39;</span><span class="p">,</span> <span class="p">[</span>
        <span class="s1">&#39;url&#39;</span> <span class="o">=&gt;</span> <span class="cm">/* Return To */</span><span class="p">,</span>
    <span class="p">]));</span>
    <span class="k">exit</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1">// Proceed as usual. The user will be logged in.</span>
</code></pre></div></td></tr></table></div>
<h4 id="adding-multi-factor-methods">Adding Multi-factor Methods<a class="headerlink" href="#adding-multi-factor-methods" title="Permanent link">#</a></h4>
<p>Adding your own multi-factor method requires the implementation of a single object type:</p>
<div class="highlight"><table class="highlighttable"><tr><th colspan="2" class="filename"><span class="filename">objectType.xml</span></th></tr><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nt">&lt;type&gt;</span>
   <span class="nt">&lt;name&gt;</span>com.example.multifactor.foobar<span class="nt">&lt;/name&gt;</span>
   <span class="nt">&lt;definitionname&gt;</span>com.woltlab.wcf.multifactor<span class="nt">&lt;/definitionname&gt;</span>
   <span class="nt">&lt;icon&gt;</span><span class="cm">&lt;!-- Font Awesome 4 Icon Name goes here. --&gt;</span><span class="nt">&lt;/icon&gt;</span>
   <span class="nt">&lt;priority&gt;</span><span class="cm">&lt;!-- Determines the sort order, higher priority will be preferred for authentication. --&gt;</span><span class="nt">&lt;/priority&gt;</span>
   <span class="nt">&lt;classname&gt;</span>wcf\system\user\multifactor\FoobarMultifactorMethod<span class="nt">&lt;/classname&gt;</span>
<span class="nt">&lt;/type&gt;</span>
</code></pre></div></td></tr></table></div>
<p>The given classname must implement the <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/multifactor/IMultifactorMethod.class.php"><code>IMultifactorMethod</code></a> interface.</p>
<p>As a self-contained example, you can find the initial implementation of the email multi-factor method in <a href="https://github.com/WoltLab/WCF/pull/3729">WoltLab/WCF#3729</a>.
Please check <a href="https://github.com/WoltLab/WCF/commits/master/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php">the version history</a> of the PHP class to make sure you do not miss important changes that were added later.</p>
<div class="admonition warning">
<p class="admonition-title">Multi-factor authentication is security sensitive. Make sure to carefully read the remarks in <code>IMultifactorMethod</code> for possible issues. Also make sure to carefully test your implementation against all sorts of incorrect input and consider attack vectors such as race conditions. It is strongly recommended to generously check the current state by leveraging assertions and exceptions.</p>
</div>
<h4 id="enforcing-multi-factor-authentication">Enforcing Multi-factor Authentication<a class="headerlink" href="#enforcing-multi-factor-authentication" title="Permanent link">#</a></h4>
<p>To enforce Multi-factor Authentication within your controller you need to:</p>
<ol>
<li>Use the <code>wcf\system\user\multifactor\TMultifactorRequirementEnforcer</code> trait.</li>
<li>Call: <code>$this-&gt;enforceMultifactorAuthentication();</code></li>
</ol>
<p><code>enforceMultifactorAuthentication()</code> will check if the user is in a group that requires multi-factor authentication, but does not yet have multi-factor authentication enabled.
If they did, the request proceeds as usual.
Otherwise, a <code>NamedUserException</code> is thrown.</p>
<h2 id="deprecations-and-removals">Deprecations and Removals<a class="headerlink" href="#deprecations-and-removals" title="Permanent link">#</a></h2>
<h3 id="sessionhandler">SessionHandler<a class="headerlink" href="#sessionhandler" title="Permanent link">#</a></h3>
<p>Most of the changes with regard to the new session handling happened in <code>SessionHandler</code>.
Most notably, <code>SessionHandler</code> now is marked <code>final</code> to ensure proper encapsulation of data.</p>
<p>A number of methods in <code>SessionHandler</code> are now deprecated and result in a noop.
This change mostly affects methods that have been used to bootstrap the session, such as <code>setHasValidCookie()</code>.</p>
<p>Additionally, accessing the following keys on the session is deprecated.
They directly map to an existing method in another class and any uses can easily be updated:
- <code>ipAddress</code>
- <code>userAgent</code>
- <code>requestURI</code>
- <code>requestMethod</code>
- <code>lastActivityTime</code></p>
<p>Refer to <a href="https://github.com/WoltLab/WCF/blob/439de4963c947c3569a0c584f795245f693155b0/wcfsetup/install/files/lib/system/session/SessionHandler.class.php#L168-L178">the implementation</a> for details.</p>
<h3 id="acp-sessions">ACP Sessions<a class="headerlink" href="#acp-sessions" title="Permanent link">#</a></h3>
<p>The database tables related to ACP sessions have been removed.
The PHP classes have been preserved due to being used within the class hierarchy of the legacy sessions.</p>
<h3 id="cookies">Cookies<a class="headerlink" href="#cookies" title="Permanent link">#</a></h3>
<p>The <code>_userID</code>, <code>_password</code>, <code>_cookieHash</code> and <code>_cookieHash_acp</code> cookies will no longer be created nor consumed.</p>
<h3 id="virtual-sessions">Virtual Sessions<a class="headerlink" href="#virtual-sessions" title="Permanent link">#</a></h3>
<p>The virtual session logic existed to support multiple devices per single session in <code>wcf1_session</code>.
Virtual sessions are no longer required with the refactored session handling.</p>
<p>Anything related to virtual sessions has been completely removed as they are considered an implementation detail.
This removal includes PHP classes and database tables.</p>
<h3 id="security-token-constants">Security Token Constants<a class="headerlink" href="#security-token-constants" title="Permanent link">#</a></h3>
<p>The security token constants are deprecated.
Instead, the methods of <code>SessionHandler</code> should be used (e.g. <code>-&gt;getSecurityToken()</code>).
Within templates, you should migrate to the <code>{csrfToken}</code> tag in place of <code>{@SECURITY_TOKEN_INPUT_TAG}</code>.
The <code>{csrfToken}</code> tag is a drop-in replacement and was backported to WoltLab Suite 5.2+, allowing you to maintain compatibility across a broad range of versions.</p>
<h3 id="passwordutil-and-double-bcrypt-hashes">PasswordUtil and Double BCrypt Hashes<a class="headerlink" href="#passwordutil-and-double-bcrypt-hashes" title="Permanent link">#</a></h3>
<p>Most of the methods in PasswordUtil are deprecated in favor of the new password hashing framework.</p>

  <hr>
<div class="md-source-file">
  <small>
    
      Last update:
      2022-05-13
    
  </small>
</div>


              </article>
            </div>
          
          
        </div>
        
      </main>
      
        <footer class="md-footer">
  
    
    <nav class="md-footer__inner md-grid" aria-label="Footer" >
      
        
        <a href="../php/" class="md-footer__link md-footer__link--prev" aria-label="Previous: PHP API" rel="prev">
          <div class="md-footer__button md-icon">
            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
          </div>
          <div class="md-footer__title">
            <div class="md-ellipsis">
              <span class="md-footer__direction">
                Previous
              </span>
              PHP API
            </div>
          </div>
        </a>
      
      
        <a href="../javascript/" class="md-footer__link md-footer__link--next" aria-label="Next: TypeScript and JavaScript" rel="next">
          <div class="md-footer__title">
            <div class="md-ellipsis">
              <span class="md-footer__direction">
                Next
              </span>
              TypeScript and JavaScript
            </div>
          </div>
          <div class="md-footer__button md-icon">
            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4Z"/></svg>
          </div>
        </a>
      
    </nav>
  
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
  
    <div class="md-copyright__highlight">
      Copyright © 2020 WoltLab GmbH
    </div>
  
  
    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>
  
</div>
      
        <div class="md-copyright">
	<a href="https://www.woltlab.com/legal-notice/">Legal Notice</a> 
	<a href="https://www.woltlab.com/privacy-policy/">Privacy Policy</a>
</div>
      
    </div>
  </div>
</footer>
      
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
    
    <script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tracking"], "search": "../../../assets/javascripts/workers/search.5bf1dace.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "version": {"provider": "mike"}}</script>
    
    
      <script src="../../../assets/javascripts/bundle.078830c0.min.js"></script>
      
    
  </body>
</html>