projects / GitHub / WoltLab / woltlab.github.io.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Deployed 901748f to 5.4 with MkDocs 1.1.2 and mike 0.5.5
[GitHub/WoltLab/woltlab.github.io.git] / latest / migration / wsc53 / session / index.html
CommitLineData
0c5338dd
TD		 1
2<!doctype html>
3<html lang="en" class="no-js">
4 <head>
5
6 <meta charset="utf-8">
7 <meta name="viewport" content="width=device-width,initial-scale=1">
8
9
10
11
fb962f09
WG		 12 <link rel="icon" href="../../../assets/default.favicon.ico">
13 <meta name="generator" content="mkdocs-1.1.2, mkdocs-material-7.1.0">
0c5338dd
TD		 14
15
16
17 <title>Session Handling and Authentication - WoltLab Suite Documentation</title>
18
19
20
fb962f09 21 <link rel="stylesheet" href="../../../assets/stylesheets/main.33e2939f.min.css">
0c5338dd
TD		 22
23
fb962f09 24 <link rel="stylesheet" href="../../../assets/stylesheets/palette.ef6f36e2.min.css">
0c5338dd
TD		 25
26
27
28 <meta name="theme-color" content="#009485">
29
30
31
32
33
fd8430cb
WG		 34
35
0c5338dd
TD		 36
37
38 <link rel="stylesheet" href="../../../stylesheets/extra.css">
39
40
41
42
43
44 </head>
45
46
47
48
49
50
51
52 <body dir="ltr" data-md-color-scheme="" data-md-color-primary="teal" data-md-color-accent="">
0c5338dd
TD		 53
54
fb962f09
WG		 55 <script>function __prefix(e){return new URL("../../..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script>
56
0c5338dd
TD		 57 <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
58 <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
59 <label class="md-overlay" for="__drawer"></label>
60 <div data-md-component="skip">
61
62
63 <a href="#migrating-from-wsc-53-session-handling-and-authentication" class="md-skip">
64 Skip to content
65 </a>
66
67 </div>
68 <div data-md-component="announce">
69
70 <aside class="md-announce">
71 <div class="md-announce__inner md-grid md-typeset">
72
73 <a href="https://www.woltlab.com">Back to <strong>woltlab.com</strong></a>
74
75 </div>
76 </aside>
77
78 </div>
79
fb962f09 80 <header class="md-header" data-md-component="header">
0c5338dd 81 <nav class="md-header__inner md-grid" aria-label="Header">
fb962f09 82 <a href="../../.." title="WoltLab Suite Documentation" class="md-header__button md-logo" aria-label="WoltLab Suite Documentation" data-md-component="logo">
0c5338dd
TD		 83
84 <img src="../../../assets/logo.png" alt="logo">
85
86 </a>
87 <label class="md-header__button md-icon" for="__drawer">
88 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
89 </label>
90 <div class="md-header__title" data-md-component="header-title">
91 <div class="md-header__ellipsis">
92 <div class="md-header__topic">
93 <span class="md-ellipsis">
94 WoltLab Suite Documentation
95 </span>
96 </div>
97 <div class="md-header__topic" data-md-component="header-topic">
98 <span class="md-ellipsis">
99
100 Session Handling and Authentication
101
102 </span>
103 </div>
104 </div>
0c5338dd
TD		 105 </div>
106
fb962f09
WG		 107
108
a3639e76
WG		 109 <label class="md-header__button md-icon" for="__search">
110 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
111 </label>
112
113<div class="md-search" data-md-component="search" role="dialog">
114 <label class="md-search__overlay" for="__search"></label>
115 <div class="md-search__inner" role="search">
116 <form class="md-search__form" name="search">
117 <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
118 <label class="md-search__icon md-icon" for="__search">
119 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
120 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
121 </label>
122 <button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
fb962f09 123 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
a3639e76
WG		 124 </button>
125 </form>
126 <div class="md-search__output">
127 <div class="md-search__scrollwrap" data-md-scrollfix>
128 <div class="md-search-result" data-md-component="search-result">
129 <div class="md-search-result__meta">
130 Initializing search
131 </div>
132 <ol class="md-search-result__list"></ol>
133 </div>
134 </div>
135 </div>
136 </div>
137</div>
138
0c5338dd 139
7124f4cb
WG		 140 <div class="md-header__source">
141
142<a href="https://github.com/WoltLab/docs.woltlab.com/" title="Go to repository" class="md-source" data-md-component="source">
143 <div class="md-source__icon md-icon">
144
fb962f09 145 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
7124f4cb
WG		 146 </div>
147 <div class="md-source__repository">
148 GitHub
149 </div>
150</a>
151 </div>
152
0c5338dd
TD		 153 </nav>
154</header>
155
156 <div class="md-container" data-md-component="container">
157
158
159
160
161 <main class="md-main" data-md-component="main">
162 <div class="md-main__inner md-grid">
163
164
165
166 <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
167 <div class="md-sidebar__scrollwrap">
168 <div class="md-sidebar__inner">
169
170
171
0c5338dd
TD		 172<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
173 <label class="md-nav__title" for="__drawer">
fb962f09 174 <a href="../../.." title="WoltLab Suite Documentation" class="md-nav__button md-logo" aria-label="WoltLab Suite Documentation" data-md-component="logo">
0c5338dd
TD		 175
176 <img src="../../../assets/logo.png" alt="logo">
177
178 </a>
179 WoltLab Suite Documentation
180 </label>
181
7124f4cb
WG		 182 <div class="md-nav__source">
183
184<a href="https://github.com/WoltLab/docs.woltlab.com/" title="Go to repository" class="md-source" data-md-component="source">
185 <div class="md-source__icon md-icon">
186
fb962f09 187 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
7124f4cb
WG		 188 </div>
189 <div class="md-source__repository">
190 GitHub
191 </div>
192</a>
193 </div>
194
0c5338dd
TD		 195 <ul class="md-nav__list" data-md-scrollfix>
196
197
198
199
200
201
202
203
204 <li class="md-nav__item">
205 <a href="../../../getting-started/" class="md-nav__link">
206 Getting Started
207 </a>
208 </li>
209
210
211
212
213
214
215
216
217
218
219
220 <li class="md-nav__item md-nav__item--nested">
221
222
223 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" >
224
225 <label class="md-nav__link" for="__nav_2">
226 PHP API
227 <span class="md-nav__icon md-icon"></span>
228 </label>
229 <nav class="md-nav" aria-label="PHP API" data-md-level="1">
230 <label class="md-nav__title" for="__nav_2">
231 <span class="md-nav__icon md-icon"></span>
232 PHP API
233 </label>
234 <ul class="md-nav__list" data-md-scrollfix>
235
236
237
238
239
240 <li class="md-nav__item">
241 <a href="../../../php/pages/" class="md-nav__link">
242 Pages
243 </a>
244 </li>
245
246
247
248
249
250
251
252 <li class="md-nav__item">
253 <a href="../../../php/database-objects/" class="md-nav__link">
254 Database Objects
255 </a>
256 </li>
257
258
259
260
261
262
263
264 <li class="md-nav__item">
265 <a href="../../../php/database-access/" class="md-nav__link">
266 Database Access
267 </a>
268 </li>
269
270
271
272
273
274
275
276 <li class="md-nav__item">
277 <a href="../../../php/exceptions/" class="md-nav__link">
278 Exceptions
279 </a>
280 </li>
281
282
283
284
285
286
287
288
289 <li class="md-nav__item md-nav__item--nested">
290
291
292 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5" type="checkbox" id="__nav_2_5" >
293
294 <label class="md-nav__link" for="__nav_2_5">
295 API
296 <span class="md-nav__icon md-icon"></span>
297 </label>
298 <nav class="md-nav" aria-label="API" data-md-level="2">
299 <label class="md-nav__title" for="__nav_2_5">
300 <span class="md-nav__icon md-icon"></span>
301 API
302 </label>
303 <ul class="md-nav__list" data-md-scrollfix>
304
305
306
307
308
309 <li class="md-nav__item">
310 <a href="../../../php/api/caches/" class="md-nav__link">
311 Caches
312 </a>
313 </li>
314
315
316
317
318
319
320
321 <li class="md-nav__item">
322 <a href="../../../php/api/comments/" class="md-nav__link">
323 Comments
324 </a>
325 </li>
326
327
328
329
330
331
332
333 <li class="md-nav__item">
334 <a href="../../../php/api/cronjobs/" class="md-nav__link">
335 Cronjobs
336 </a>
337 </li>
338
339
340
341
342
343
344
345 <li class="md-nav__item">
346 <a href="../../../php/api/events/" class="md-nav__link">
347 Events
348 </a>
349 </li>
350
351
352
353
354
355
356
357
358 <li class="md-nav__item md-nav__item--nested">
359
360
361 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5_5" type="checkbox" id="__nav_2_5_5" >
362
363 <label class="md-nav__link" for="__nav_2_5_5">
364 Form Builder
365 <span class="md-nav__icon md-icon"></span>
366 </label>
367 <nav class="md-nav" aria-label="Form Builder" data-md-level="3">
368 <label class="md-nav__title" for="__nav_2_5_5">
369 <span class="md-nav__icon md-icon"></span>
370 Form Builder
371 </label>
372 <ul class="md-nav__list" data-md-scrollfix>
373
374
375
376
377
378 <li class="md-nav__item">
379 <a href="../../../php/api/form_builder/overview/" class="md-nav__link">
380 Overview
381 </a>
382 </li>
383
384
385
386
387
388
389
390 <li class="md-nav__item">
391 <a href="../../../php/api/form_builder/structure/" class="md-nav__link">
392 Structure
393 </a>
394 </li>
395
396
397
398
399
400
401
402 <li class="md-nav__item">
403 <a href="../../../php/api/form_builder/form_fields/" class="md-nav__link">
404 Fields
405 </a>
406 </li>
407
408
409
410
411
412
413
414 <li class="md-nav__item">
415 <a href="../../../php/api/form_builder/validation_data/" class="md-nav__link">
416 Validation and Data
417 </a>
418 </li>
419
420
421
422
423
424
425
426 <li class="md-nav__item">
427 <a href="../../../php/api/form_builder/dependencies/" class="md-nav__link">
428 Dependencies
429 </a>
430 </li>
431
432
433
434 </ul>
435 </nav>
436 </li>
437
438
439
440
441
442
443
444 <li class="md-nav__item">
445 <a href="../../../php/api/package_installation_plugins/" class="md-nav__link">
446 Package Installation Plugins
447 </a>
448 </li>
449
450
451
452
453
454
455
456 <li class="md-nav__item">
457 <a href="../../../php/api/user_activity_points/" class="md-nav__link">
458 User Activity Points
459 </a>
460 </li>
461
462
463
464
465
466
467
468 <li class="md-nav__item">
469 <a href="../../../php/api/user_notifications/" class="md-nav__link">
470 User Notifications
471 </a>
472 </li>
473
474
475
476
477
478
479
480 <li class="md-nav__item">
481 <a href="../../../php/api/sitemaps/" class="md-nav__link">
482 Sitemaps
483 </a>
484 </li>
485
486
487
488 </ul>
489 </nav>
490 </li>
491
492
493
494
495
496
497
498 <li class="md-nav__item">
499 <a href="../../../php/code-style/" class="md-nav__link">
500 Code Style
501 </a>
502 </li>
503
504
505
506
507
508
509
510 <li class="md-nav__item">
511 <a href="../../../php/apps/" class="md-nav__link">
512 Apps
513 </a>
514 </li>
515
516
517
518
519
520
521
522 <li class="md-nav__item">
523 <a href="../../../php/gdpr/" class="md-nav__link">
524 GDPR
525 </a>
526 </li>
527
528
529
530 </ul>
531 </nav>
532 </li>
533
534
535
536
537
538
539
540
541
542
543
544 <li class="md-nav__item md-nav__item--nested">
545
546
547 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
548
549 <label class="md-nav__link" for="__nav_3">
550 Languages, Templates & CSS
551 <span class="md-nav__icon md-icon"></span>
552 </label>
553 <nav class="md-nav" aria-label="Languages, Templates & CSS" data-md-level="1">
554 <label class="md-nav__title" for="__nav_3">
555 <span class="md-nav__icon md-icon"></span>
556 Languages, Templates & CSS
557 </label>
558 <ul class="md-nav__list" data-md-scrollfix>
559
560
561
562
563
564 <li class="md-nav__item">
565 <a href="../../../view/languages/" class="md-nav__link">
566 Languages
567 </a>
568 </li>
569
570
571
572
573
574
575
576 <li class="md-nav__item">
577 <a href="../../../view/templates/" class="md-nav__link">
578 Templates
579 </a>
580 </li>
581
582
583
584
585
586
587
588 <li class="md-nav__item">
589 <a href="../../../view/css/" class="md-nav__link">
590 CSS
591 </a>
592 </li>
593
594
595
596 </ul>
597 </nav>
598 </li>
599
600
601
602
603
604
605
606
607
608
609
610 <li class="md-nav__item md-nav__item--nested">
611
612
613 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
614
615 <label class="md-nav__link" for="__nav_4">
77efcd46 616 TypeScript and JavaScript API
0c5338dd
TD		 617 <span class="md-nav__icon md-icon"></span>
618 </label>
77efcd46 619 <nav class="md-nav" aria-label="TypeScript and JavaScript API" data-md-level="1">
0c5338dd
TD		 620 <label class="md-nav__title" for="__nav_4">
621 <span class="md-nav__icon md-icon"></span>
77efcd46 622 TypeScript and JavaScript API
0c5338dd
TD		 623 </label>
624 <ul class="md-nav__list" data-md-scrollfix>
625
626
627
628
629
630 <li class="md-nav__item">
631 <a href="../../../javascript/general-usage/" class="md-nav__link">
632 General Usage
633 </a>
634 </li>
635
636
637
638
639
640
641
77efcd46
WG		 642 <li class="md-nav__item">
643 <a href="../../../javascript/typescript/" class="md-nav__link">
644 TypeScript
645 </a>
646 </li>
647
648
649
650
651
652
653
0c5338dd
TD		 654
655 <li class="md-nav__item md-nav__item--nested">
656
657
77efcd46 658 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4_3" type="checkbox" id="__nav_4_3" >
0c5338dd 659
77efcd46 660 <label class="md-nav__link" for="__nav_4_3">
0c5338dd
TD		 661 New API
662 <span class="md-nav__icon md-icon"></span>
663 </label>
664 <nav class="md-nav" aria-label="New API" data-md-level="2">
77efcd46 665 <label class="md-nav__title" for="__nav_4_3">
0c5338dd
TD		 666 <span class="md-nav__icon md-icon"></span>
667 New API
668 </label>
669 <ul class="md-nav__list" data-md-scrollfix>
670
671
672
673
674
675 <li class="md-nav__item">
676 <a href="../../../javascript/new-api_writing-a-module/" class="md-nav__link">
677 Writing a module
678 </a>
679 </li>
680
681
682
683
684
685
686
687 <li class="md-nav__item">
688 <a href="../../../javascript/new-api_data-structures/" class="md-nav__link">
689 Data Structures
690 </a>
691 </li>
692
693
694
695
696
697
698
699 <li class="md-nav__item">
700 <a href="../../../javascript/new-api_core/" class="md-nav__link">
701 Core Functions
702 </a>
703 </li>
704
705
706
707
708
709
710
711 <li class="md-nav__item">
712 <a href="../../../javascript/new-api_dom/" class="md-nav__link">
713 DOM
714 </a>
715 </li>
716
717
718
719
720
721
722
723 <li class="md-nav__item">
724 <a href="../../../javascript/new-api_events/" class="md-nav__link">
725 Event Handling
726 </a>
727 </li>
728
729
730
731
732
733
734
735 <li class="md-nav__item">
736 <a href="../../../javascript/new-api_ajax/" class="md-nav__link">
737 Ajax
738 </a>
739 </li>
740
741
742
743
744
745
746
747 <li class="md-nav__item">
748 <a href="../../../javascript/new-api_dialogs/" class="md-nav__link">
749 Dialogs
750 </a>
751 </li>
752
753
754
755
756
757
758
759 <li class="md-nav__item">
760 <a href="../../../javascript/new-api_browser/" class="md-nav__link">
761 Browser and Screen Sizes
762 </a>
763 </li>
764
765
766
767
768
769
770
771 <li class="md-nav__item">
772 <a href="../../../javascript/new-api_ui/" class="md-nav__link">
773 User Interface
774 </a>
775 </li>
776
777
778
779 </ul>
780 </nav>
781 </li>
782
783
784
785
786
787
788
789 <li class="md-nav__item">
790 <a href="../../../javascript/legacy-api/" class="md-nav__link">
791 Legacy API
792 </a>
793 </li>
794
795
796
797
798
799
800
801 <li class="md-nav__item">
802 <a href="../../../javascript/helper-functions/" class="md-nav__link">
803 Helper Functions
804 </a>
805 </li>
806
807
808
809
810
811
812
813 <li class="md-nav__item">
814 <a href="../../../javascript/code-snippets/" class="md-nav__link">
815 Code Snippets
816 </a>
817 </li>
818
819
820
821 </ul>
822 </nav>
823 </li>
824
825
826
827
828
829
830
831
832
833
834
835 <li class="md-nav__item md-nav__item--nested">
836
837
838 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" >
839
840 <label class="md-nav__link" for="__nav_5">
841 Package Components
842 <span class="md-nav__icon md-icon"></span>
843 </label>
844 <nav class="md-nav" aria-label="Package Components" data-md-level="1">
845 <label class="md-nav__title" for="__nav_5">
846 <span class="md-nav__icon md-icon"></span>
847 Package Components
848 </label>
849 <ul class="md-nav__list" data-md-scrollfix>
850
851
852
853
854
855 <li class="md-nav__item">
856 <a href="../../../package/package-xml/" class="md-nav__link">
857 package.xml
858 </a>
859 </li>
860
861
862
863
864
865
866
867
868 <li class="md-nav__item md-nav__item--nested">
869
870
871 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_2" type="checkbox" id="__nav_5_2" >
872
873 <label class="md-nav__link" for="__nav_5_2">
874 PIPs
875 <span class="md-nav__icon md-icon"></span>
876 </label>
877 <nav class="md-nav" aria-label="PIPs" data-md-level="2">
878 <label class="md-nav__title" for="__nav_5_2">
879 <span class="md-nav__icon md-icon"></span>
880 PIPs
881 </label>
882 <ul class="md-nav__list" data-md-scrollfix>
883
884
885
886
887
888 <li class="md-nav__item">
889 <a href="../../../package/pip/" class="md-nav__link">
890 Overview
891 </a>
892 </li>
893
894
895
896
897
898
899
900 <li class="md-nav__item">
901 <a href="../../../package/pip/acl-option/" class="md-nav__link">
902 aclOption
903 </a>
904 </li>
905
906
907
908
909
910
911
912 <li class="md-nav__item">
913 <a href="../../../package/pip/acp-menu/" class="md-nav__link">
914 acpMenu
915 </a>
916 </li>
917
918
919
920
921
922
923
924 <li class="md-nav__item">
925 <a href="../../../package/pip/acp-search-provider/" class="md-nav__link">
926 acpSearchProvider
927 </a>
928 </li>
929
930
931
932
933
934
935
936 <li class="md-nav__item">
937 <a href="../../../package/pip/acp-template/" class="md-nav__link">
938 acpTemplate
939 </a>
940 </li>
941
942
943
944
945
946
947
948 <li class="md-nav__item">
949 <a href="../../../package/pip/bbcode/" class="md-nav__link">
950 bbcode
951 </a>
952 </li>
953
954
955
956
957
958
959
960 <li class="md-nav__item">
961 <a href="../../../package/pip/box/" class="md-nav__link">
962 box
963 </a>
964 </li>
965
966
967
968
969
970
971
972 <li class="md-nav__item">
973 <a href="../../../package/pip/clipboard-action/" class="md-nav__link">
974 clipboardAction
975 </a>
976 </li>
977
978
979
980
981
982
983
984 <li class="md-nav__item">
985 <a href="../../../package/pip/core-object/" class="md-nav__link">
986 coreObject
987 </a>
988 </li>
989
990
991
992
993
994
995
996 <li class="md-nav__item">
997 <a href="../../../package/pip/cronjob/" class="md-nav__link">
998 cronjob
999 </a>
1000 </li>
1001
1002
1003
1004
1005
1006
1007
1008 <li class="md-nav__item">
1009 <a href="../../../package/pip/event-listener/" class="md-nav__link">
1010 eventListener
1011 </a>
1012 </li>
1013
1014
1015
1016
1017
1018
1019
1020 <li class="md-nav__item">
1021 <a href="../../../package/pip/file/" class="md-nav__link">
1022 file
1023 </a>
1024 </li>
1025
1026
1027
1028
1029
1030
1031
1032 <li class="md-nav__item">
1033 <a href="../../../package/pip/language/" class="md-nav__link">
1034 language
1035 </a>
1036 </li>
1037
1038
1039
1040
1041
1042
1043
1044 <li class="md-nav__item">
1045 <a href="../../../package/pip/media-provider/" class="md-nav__link">
1046 mediaProvider
1047 </a>
1048 </li>
1049
1050
1051
1052
1053
1054
1055
1056 <li class="md-nav__item">
1057 <a href="../../../package/pip/menu/" class="md-nav__link">
1058 menu
1059 </a>
1060 </li>
1061
1062
1063
1064
1065
1066
1067
1068 <li class="md-nav__item">
1069 <a href="../../../package/pip/menu-item/" class="md-nav__link">
1070 menuItem
1071 </a>
1072 </li>
1073
1074
1075
1076
1077
1078
1079
1080 <li class="md-nav__item">
1081 <a href="../../../package/pip/object-type/" class="md-nav__link">
1082 objectType
1083 </a>
1084 </li>
1085
1086
1087
1088
1089
1090
1091
1092 <li class="md-nav__item">
1093 <a href="../../../package/pip/object-type-definition/" class="md-nav__link">
1094 objectTypeDefinition
1095 </a>
1096 </li>
1097
1098
1099
1100
1101
1102
1103
1104 <li class="md-nav__item">
1105 <a href="../../../package/pip/option/" class="md-nav__link">
1106 option
1107 </a>
1108 </li>
1109
1110
1111
1112
1113
1114
1115
1116 <li class="md-nav__item">
1117 <a href="../../../package/pip/page/" class="md-nav__link">
1118 page
1119 </a>
1120 </li>
1121
1122
1123
1124
1125
1126
1127
1128 <li class="md-nav__item">
1129 <a href="../../../package/pip/pip/" class="md-nav__link">
1130 pip
1131 </a>
1132 </li>
1133
1134
1135
1136
1137
1138
1139
1140 <li class="md-nav__item">
1141 <a href="../../../package/pip/script/" class="md-nav__link">
1142 script
1143 </a>
1144 </li>
1145
1146
1147
1148
1149
1150
1151
1152 <li class="md-nav__item">
1153 <a href="../../../package/pip/smiley/" class="md-nav__link">
1154 smiley
1155 </a>
1156 </li>
1157
1158
1159
1160
1161
1162
1163
1164 <li class="md-nav__item">
1165 <a href="../../../package/pip/sql/" class="md-nav__link">
1166 sql
1167 </a>
1168 </li>
1169
1170
1171
1172
1173
1174
1175
1176 <li class="md-nav__item">
1177 <a href="../../../package/pip/style/" class="md-nav__link">
1178 style
1179 </a>
1180 </li>
1181
1182
1183
1184
1185
1186
1187
1188 <li class="md-nav__item">
1189 <a href="../../../package/pip/template/" class="md-nav__link">
1190 template
1191 </a>
1192 </li>
1193
1194
1195
1196
1197
1198
1199
1200 <li class="md-nav__item">
1201 <a href="../../../package/pip/template-listener/" class="md-nav__link">
1202 templateListener
1203 </a>
1204 </li>
1205
1206
1207
1208
1209
1210
1211
1212 <li class="md-nav__item">
1213 <a href="../../../package/pip/user-group-option/" class="md-nav__link">
1214 userGroupOption
1215 </a>
1216 </li>
1217
1218
1219
1220
1221
1222
1223
1224 <li class="md-nav__item">
1225 <a href="../../../package/pip/user-menu/" class="md-nav__link">
1226 userMenu
1227 </a>
1228 </li>
1229
1230
1231
1232
1233
1234
1235
1236 <li class="md-nav__item">
1237 <a href="../../../package/pip/user-notification-event/" class="md-nav__link">
1238 userNotificationEvent
1239 </a>
1240 </li>
1241
1242
1243
1244
1245
1246
1247
1248 <li class="md-nav__item">
1249 <a href="../../../package/pip/user-option/" class="md-nav__link">
1250 userOption
1251 </a>
1252 </li>
1253
1254
1255
1256
1257
1258
1259
1260 <li class="md-nav__item">
1261 <a href="../../../package/pip/user-profile-menu/" class="md-nav__link">
1262 userProfileMenu
1263 </a>
1264 </li>
1265
1266
1267
1268 </ul>
1269 </nav>
1270 </li>
1271
1272
1273
1274
1275
1276
1277
1278 <li class="md-nav__item">
1279 <a href="../../../package/database-php-api/" class="md-nav__link">
1280 Database PHP API
1281 </a>
1282 </li>
1283
1284
1285
1286 </ul>
1287 </nav>
1288 </li>
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302 <li class="md-nav__item md-nav__item--active md-nav__item--nested">
1303
1304
1305 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" type="checkbox" id="__nav_6" checked>
1306
1307 <label class="md-nav__link" for="__nav_6">
1308 Migration
1309 <span class="md-nav__icon md-icon"></span>
1310 </label>
1311 <nav class="md-nav" aria-label="Migration" data-md-level="1">
1312 <label class="md-nav__title" for="__nav_6">
1313 <span class="md-nav__icon md-icon"></span>
1314 Migration
1315 </label>
1316 <ul class="md-nav__list" data-md-scrollfix>
1317
1318
1319
1320
1321
1322
1323
1324
1325 <li class="md-nav__item md-nav__item--active md-nav__item--nested">
1326
1327
1328 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_1" type="checkbox" id="__nav_6_1" checked>
1329
1330 <label class="md-nav__link" for="__nav_6_1">
1331 Migrating from WSC 5.3
1332 <span class="md-nav__icon md-icon"></span>
1333 </label>
1334 <nav class="md-nav" aria-label="Migrating from WSC 5.3" data-md-level="2">
1335 <label class="md-nav__title" for="__nav_6_1">
1336 <span class="md-nav__icon md-icon"></span>
1337 Migrating from WSC 5.3
1338 </label>
1339 <ul class="md-nav__list" data-md-scrollfix>
1340
1341
1342
1343
1344
1345 <li class="md-nav__item">
1346 <a href="../php/" class="md-nav__link">
1347 PHP API
1348 </a>
1349 </li>
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359 <li class="md-nav__item md-nav__item--active">
1360
1361 <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
1362
1363
1364
1365
1366 <label class="md-nav__link md-nav__link--active" for="__toc">
1367 Session Handling and Authentication
1368 <span class="md-nav__icon md-icon"></span>
1369 </label>
1370
1371 <a href="./" class="md-nav__link md-nav__link--active">
1372 Session Handling and Authentication
1373 </a>
1374
1375
1376<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
1377
1378
1379
1380
1381
1382 <label class="md-nav__title" for="__toc">
1383 <span class="md-nav__icon md-icon"></span>
1384 Table of contents
1385 </label>
1386 <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
1387
1388 <li class="md-nav__item">
1389 <a href="#summary-and-concepts" class="md-nav__link">
1390 Summary and Concepts
1391 </a>
1392
1393 <nav class="md-nav" aria-label="Summary and Concepts">
1394 <ul class="md-nav__list">
1395
1396 <li class="md-nav__item">
1397 <a href="#legacy-persistent-login" class="md-nav__link">
1398 Legacy Persistent Login
1399 </a>
1400
1401</li>
1402
1403 <li class="md-nav__item">
1404 <a href="#multiple-sessions" class="md-nav__link">
1405 Multiple Sessions
1406 </a>
1407
1408</li>
1409
1410 <li class="md-nav__item">
1411 <a href="#merged-acp-and-frontend-sessions" class="md-nav__link">
1412 Merged ACP and Frontend Sessions
1413 </a>
1414
1415</li>
1416
1417 <li class="md-nav__item">
1418 <a href="#improved-authentication-and-reauthentication" class="md-nav__link">
1419 Improved Authentication and Reauthentication
1420 </a>
1421
1422</li>
1423
1424 </ul>
1425 </nav>
1426
1427</li>
1428
1429 <li class="md-nav__item">
1430 <a href="#additions-and-changes" class="md-nav__link">
1431 Additions and Changes
1432 </a>
1433
1434 <nav class="md-nav" aria-label="Additions and Changes">
1435 <ul class="md-nav__list">
1436
1437 <li class="md-nav__item">
1438 <a href="#password-hashing" class="md-nav__link">
1439 Password Hashing
1440 </a>
1441
1442</li>
1443
1444 <li class="md-nav__item">
1445 <a href="#session-storage" class="md-nav__link">
1446 Session Storage
1447 </a>
1448
1449</li>
1450
1451 <li class="md-nav__item">
1452 <a href="#reauthentication" class="md-nav__link">
1453 Reauthentication
1454 </a>
1455
1456</li>
1457
1458 <li class="md-nav__item">
1459 <a href="#multi-factor-authentication" class="md-nav__link">
1460 Multi-factor Authentication
1461 </a>
1462
1463 <nav class="md-nav" aria-label="Multi-factor Authentication">
1464 <ul class="md-nav__list">
1465
1466 <li class="md-nav__item">
1467 <a href="#adding-multi-factor-methods" class="md-nav__link">
1468 Adding Multi-factor Methods
1469 </a>
1470
1471</li>
1472
1473 </ul>
1474 </nav>
1475
1476</li>
1477
1478 </ul>
1479 </nav>
1480
1481</li>
1482
1483 <li class="md-nav__item">
1484 <a href="#deprecations-and-removals" class="md-nav__link">
1485 Deprecations and Removals
1486 </a>
1487
1488 <nav class="md-nav" aria-label="Deprecations and Removals">
1489 <ul class="md-nav__list">
1490
1491 <li class="md-nav__item">
1492 <a href="#sessionhandler" class="md-nav__link">
1493 SessionHandler
1494 </a>
1495
1496</li>
1497
1498 <li class="md-nav__item">
1499 <a href="#acp-sessions" class="md-nav__link">
1500 ACP Sessions
1501 </a>
1502
1503</li>
1504
1505 <li class="md-nav__item">
1506 <a href="#cookies" class="md-nav__link">
1507 Cookies
1508 </a>
1509
1510</li>
1511
1512 <li class="md-nav__item">
1513 <a href="#virtual-sessions" class="md-nav__link">
1514 Virtual Sessions
1515 </a>
1516
1517</li>
1518
1519 <li class="md-nav__item">
1520 <a href="#security-token-constants" class="md-nav__link">
1521 Security Token Constants
1522 </a>
1523
1524</li>
1525
1526 <li class="md-nav__item">
1527 <a href="#passwordutil-and-double-bcrypt-hashes" class="md-nav__link">
1528 PasswordUtil and Double BCrypt Hashes
1529 </a>
1530
1531</li>
1532
1533 </ul>
1534 </nav>
1535
1536</li>
1537
1538 </ul>
1539
1540</nav>
1541
1542 </li>
1543
1544
1545
1546
1547
1548
1549
1550 <li class="md-nav__item">
1551 <a href="../javascript/" class="md-nav__link">
77efcd46 1552 TypeScript and JavaScript
0c5338dd
TD		 1553 </a>
1554 </li>
1555
1556
1557
1558
1559
1560
1561
1562 <li class="md-nav__item">
1563 <a href="../templates/" class="md-nav__link">
1564 Templates
1565 </a>
1566 </li>
1567
1568
1569
1570
1571
1572
1573
1574 <li class="md-nav__item">
1575 <a href="../libraries/" class="md-nav__link">
1576 Third Party Libraries
1577 </a>
1578 </li>
1579
1580
1581
1582 </ul>
1583 </nav>
1584 </li>
1585
1586
1587
1588
1589
1590
1591
1592
1593 <li class="md-nav__item md-nav__item--nested">
1594
1595
1596 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_2" type="checkbox" id="__nav_6_2" >
1597
1598 <label class="md-nav__link" for="__nav_6_2">
1599 Migrating from WSC 5.2
1600 <span class="md-nav__icon md-icon"></span>
1601 </label>
1602 <nav class="md-nav" aria-label="Migrating from WSC 5.2" data-md-level="2">
1603 <label class="md-nav__title" for="__nav_6_2">
1604 <span class="md-nav__icon md-icon"></span>
1605 Migrating from WSC 5.2
1606 </label>
1607 <ul class="md-nav__list" data-md-scrollfix>
1608
1609
1610
1611
1612
1613 <li class="md-nav__item">
1614 <a href="../../wsc52/php/" class="md-nav__link">
1615 PHP API
1616 </a>
1617 </li>
1618
1619
1620
1621
1622
1623
1624
1625 <li class="md-nav__item">
1626 <a href="../../wsc52/templates/" class="md-nav__link">
1627 Templates and Languages
1628 </a>
1629 </li>
1630
1631
1632
1633
1634
1635
1636
1637 <li class="md-nav__item">
1638 <a href="../../wsc52/libraries/" class="md-nav__link">
1639 Third Party Libraries
1640 </a>
1641 </li>
1642
1643
1644
1645 </ul>
1646 </nav>
1647 </li>
1648
1649
1650
1651
1652
1653
1654
1655
1656 <li class="md-nav__item md-nav__item--nested">
1657
1658
1659 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_3" type="checkbox" id="__nav_6_3" >
1660
1661 <label class="md-nav__link" for="__nav_6_3">
1662 Migrating from WSC 3.1
1663 <span class="md-nav__icon md-icon"></span>
1664 </label>
1665 <nav class="md-nav" aria-label="Migrating from WSC 3.1" data-md-level="2">
1666 <label class="md-nav__title" for="__nav_6_3">
1667 <span class="md-nav__icon md-icon"></span>
1668 Migrating from WSC 3.1
1669 </label>
1670 <ul class="md-nav__list" data-md-scrollfix>
1671
1672
1673
1674
1675
1676 <li class="md-nav__item">
1677 <a href="../../wsc31/php/" class="md-nav__link">
1678 PHP API
1679 </a>
1680 </li>
1681
1682
1683
1684 </ul>
1685 </nav>
1686 </li>
1687
1688
1689
1690
1691
1692
1693
1694
1695 <li class="md-nav__item md-nav__item--nested">
1696
1697
1698 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_4" type="checkbox" id="__nav_6_4" >
1699
1700 <label class="md-nav__link" for="__nav_6_4">
1701 Migrating from WSC 3.0
1702 <span class="md-nav__icon md-icon"></span>
1703 </label>
1704 <nav class="md-nav" aria-label="Migrating from WSC 3.0" data-md-level="2">
1705 <label class="md-nav__title" for="__nav_6_4">
1706 <span class="md-nav__icon md-icon"></span>
1707 Migrating from WSC 3.0
1708 </label>
1709 <ul class="md-nav__list" data-md-scrollfix>
1710
1711
1712
1713
1714
1715 <li class="md-nav__item">
1716 <a href="../../wsc30/php/" class="md-nav__link">
1717 PHP API
1718 </a>
1719 </li>
1720
1721
1722
1723
1724
1725
1726
1727 <li class="md-nav__item">
1728 <a href="../../wsc30/javascript/" class="md-nav__link">
1729 JavaScript API
1730 </a>
1731 </li>
1732
1733
1734
1735
1736
1737
1738
1739 <li class="md-nav__item">
1740 <a href="../../wsc30/templates/" class="md-nav__link">
1741 Templates
1742 </a>
1743 </li>
1744
1745
1746
1747
1748
1749
1750
1751 <li class="md-nav__item">
1752 <a href="../../wsc30/css/" class="md-nav__link">
1753 CSS
1754 </a>
1755 </li>
1756
1757
1758
1759
1760
1761
1762
1763 <li class="md-nav__item">
1764 <a href="../../wsc30/package/" class="md-nav__link">
1765 Package Components
1766 </a>
1767 </li>
1768
1769
1770
1771 </ul>
1772 </nav>
1773 </li>
1774
1775
1776
1777
1778
1779
1780
1781
1782 <li class="md-nav__item md-nav__item--nested">
1783
1784
1785 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_5" type="checkbox" id="__nav_6_5" >
1786
1787 <label class="md-nav__link" for="__nav_6_5">
1788 Migrating from WCF 2.1
1789 <span class="md-nav__icon md-icon"></span>
1790 </label>
1791 <nav class="md-nav" aria-label="Migrating from WCF 2.1" data-md-level="2">
1792 <label class="md-nav__title" for="__nav_6_5">
1793 <span class="md-nav__icon md-icon"></span>
1794 Migrating from WCF 2.1
1795 </label>
1796 <ul class="md-nav__list" data-md-scrollfix>
1797
1798
1799
1800
1801
1802 <li class="md-nav__item">
1803 <a href="../../wcf21/php/" class="md-nav__link">
1804 PHP API
1805 </a>
1806 </li>
1807
1808
1809
1810
1811
1812
1813
1814 <li class="md-nav__item">
1815 <a href="../../wcf21/templates/" class="md-nav__link">
1816 Templates
1817 </a>
1818 </li>
1819
1820
1821
1822
1823
1824
1825
1826 <li class="md-nav__item">
1827 <a href="../../wcf21/css/" class="md-nav__link">
1828 CSS
1829 </a>
1830 </li>
1831
1832
1833
1834
1835
1836
1837
1838 <li class="md-nav__item">
1839 <a href="../../wcf21/package/" class="md-nav__link">
1840 Package Components
1841 </a>
1842 </li>
1843
1844
1845
1846 </ul>
1847 </nav>
1848 </li>
1849
1850
1851
1852 </ul>
1853 </nav>
1854 </li>
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866 <li class="md-nav__item md-nav__item--nested">
1867
1868
1869 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7" type="checkbox" id="__nav_7" >
1870
1871 <label class="md-nav__link" for="__nav_7">
1872 Tutorials
1873 <span class="md-nav__icon md-icon"></span>
1874 </label>
1875 <nav class="md-nav" aria-label="Tutorials" data-md-level="1">
1876 <label class="md-nav__title" for="__nav_7">
1877 <span class="md-nav__icon md-icon"></span>
1878 Tutorials
1879 </label>
1880 <ul class="md-nav__list" data-md-scrollfix>
1881
1882
1883
1884
1885
1886
1887 <li class="md-nav__item md-nav__item--nested">
1888
1889
1890 <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7_1" type="checkbox" id="__nav_7_1" >
1891
1892 <label class="md-nav__link" for="__nav_7_1">
1893 Tutorial Series
1894 <span class="md-nav__icon md-icon"></span>
1895 </label>
1896 <nav class="md-nav" aria-label="Tutorial Series" data-md-level="2">
1897 <label class="md-nav__title" for="__nav_7_1">
1898 <span class="md-nav__icon md-icon"></span>
1899 Tutorial Series
1900 </label>
1901 <ul class="md-nav__list" data-md-scrollfix>
1902
1903
1904
1905
1906
1907 <li class="md-nav__item">
1908 <a href="../../../tutorial/series/overview/" class="md-nav__link">
1909 Overview
1910 </a>
1911 </li>
1912
1913
1914
1915
1916
1917
1918
1919 <li class="md-nav__item">
1920 <a href="../../../tutorial/series/part_1/" class="md-nav__link">
1921 Part 1
1922 </a>
1923 </li>
1924
1925
1926
1927
1928
1929
1930
1931 <li class="md-nav__item">
1932 <a href="../../../tutorial/series/part_2/" class="md-nav__link">
1933 Part 2
1934 </a>
1935 </li>
1936
1937
1938
1939
1940
1941
1942
1943 <li class="md-nav__item">
1944 <a href="../../../tutorial/series/part_3/" class="md-nav__link">
1945 Part 3
1946 </a>
1947 </li>
1948
1949
1950
1951 </ul>
1952 </nav>
1953 </li>
1954
1955
1956
1957 </ul>
1958 </nav>
1959 </li>
1960
1961
1962
1963 </ul>
1964</nav>
1965 </div>
1966 </div>
1967 </div>
1968
1969
1970
1971 <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
1972 <div class="md-sidebar__scrollwrap">
1973 <div class="md-sidebar__inner">
1974
1975<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
1976
1977
1978
1979
1980
1981 <label class="md-nav__title" for="__toc">
1982 <span class="md-nav__icon md-icon"></span>
1983 Table of contents
1984 </label>
1985 <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
1986
1987 <li class="md-nav__item">
1988 <a href="#summary-and-concepts" class="md-nav__link">
1989 Summary and Concepts
1990 </a>
1991
1992 <nav class="md-nav" aria-label="Summary and Concepts">
1993 <ul class="md-nav__list">
1994
1995 <li class="md-nav__item">
1996 <a href="#legacy-persistent-login" class="md-nav__link">
1997 Legacy Persistent Login
1998 </a>
1999
2000</li>
2001
2002 <li class="md-nav__item">
2003 <a href="#multiple-sessions" class="md-nav__link">
2004 Multiple Sessions
2005 </a>
2006
2007</li>
2008
2009 <li class="md-nav__item">
2010 <a href="#merged-acp-and-frontend-sessions" class="md-nav__link">
2011 Merged ACP and Frontend Sessions
2012 </a>
2013
2014</li>
2015
2016 <li class="md-nav__item">
2017 <a href="#improved-authentication-and-reauthentication" class="md-nav__link">
2018 Improved Authentication and Reauthentication
2019 </a>
2020
2021</li>
2022
2023 </ul>
2024 </nav>
2025
2026</li>
2027
2028 <li class="md-nav__item">
2029 <a href="#additions-and-changes" class="md-nav__link">
2030 Additions and Changes
2031 </a>
2032
2033 <nav class="md-nav" aria-label="Additions and Changes">
2034 <ul class="md-nav__list">
2035
2036 <li class="md-nav__item">
2037 <a href="#password-hashing" class="md-nav__link">
2038 Password Hashing
2039 </a>
2040
2041</li>
2042
2043 <li class="md-nav__item">
2044 <a href="#session-storage" class="md-nav__link">
2045 Session Storage
2046 </a>
2047
2048</li>
2049
2050 <li class="md-nav__item">
2051 <a href="#reauthentication" class="md-nav__link">
2052 Reauthentication
2053 </a>
2054
2055</li>
2056
2057 <li class="md-nav__item">
2058 <a href="#multi-factor-authentication" class="md-nav__link">
2059 Multi-factor Authentication
2060 </a>
2061
2062 <nav class="md-nav" aria-label="Multi-factor Authentication">
2063 <ul class="md-nav__list">
2064
2065 <li class="md-nav__item">
2066 <a href="#adding-multi-factor-methods" class="md-nav__link">
2067 Adding Multi-factor Methods
2068 </a>
2069
2070</li>
2071
2072 </ul>
2073 </nav>
2074
2075</li>
2076
2077 </ul>
2078 </nav>
2079
2080</li>
2081
2082 <li class="md-nav__item">
2083 <a href="#deprecations-and-removals" class="md-nav__link">
2084 Deprecations and Removals
2085 </a>
2086
2087 <nav class="md-nav" aria-label="Deprecations and Removals">
2088 <ul class="md-nav__list">
2089
2090 <li class="md-nav__item">
2091 <a href="#sessionhandler" class="md-nav__link">
2092 SessionHandler
2093 </a>
2094
2095</li>
2096
2097 <li class="md-nav__item">
2098 <a href="#acp-sessions" class="md-nav__link">
2099 ACP Sessions
2100 </a>
2101
2102</li>
2103
2104 <li class="md-nav__item">
2105 <a href="#cookies" class="md-nav__link">
2106 Cookies
2107 </a>
2108
2109</li>
2110
2111 <li class="md-nav__item">
2112 <a href="#virtual-sessions" class="md-nav__link">
2113 Virtual Sessions
2114 </a>
2115
2116</li>
2117
2118 <li class="md-nav__item">
2119 <a href="#security-token-constants" class="md-nav__link">
2120 Security Token Constants
2121 </a>
2122
2123</li>
2124
2125 <li class="md-nav__item">
2126 <a href="#passwordutil-and-double-bcrypt-hashes" class="md-nav__link">
2127 PasswordUtil and Double BCrypt Hashes
2128 </a>
2129
2130</li>
2131
2132 </ul>
2133 </nav>
2134
2135</li>
2136
2137 </ul>
2138
2139</nav>
2140 </div>
2141 </div>
2142 </div>
2143
2144
2145 <div class="md-content" data-md-component="content">
2146 <article class="md-content__inner md-typeset">
2147
2148
9b8bddda 2149 <a href="https://github.com/WoltLab/docs.woltlab.com/edit/5.4/docs/migration/wsc53/session.md" title="Edit this page" class="md-content__button md-icon">
7124f4cb
WG		 2150 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
2151 </a>
2152
0c5338dd
TD		 2153
2154 <h1 id="migrating-from-wsc-53-session-handling-and-authentication">Migrating from WSC 5.3 - Session Handling and Authentication<a class="headerlink" href="#migrating-from-wsc-53-session-handling-and-authentication" title="Permanent link">#</a></h1>
2155<p>WoltLab Suite 5.4 includes a completely refactored session handling.
2156As long as you only interact with sessions via <code>WCF::getSession()</code>, especially when you perform read-only accesses, you should not notice any breaking changes.</p>
2157<p>You might appreciate some of the new session methods if you process security sensitive data.</p>
2158<h2 id="summary-and-concepts">Summary and Concepts<a class="headerlink" href="#summary-and-concepts" title="Permanent link">#</a></h2>
2159<p>Most of the changes revolve around the removal of the legacy persistent login functionality and the assumption that every user has a single session only.
2160Both aspects are related to each other.</p>
2161<h3 id="legacy-persistent-login">Legacy Persistent Login<a class="headerlink" href="#legacy-persistent-login" title="Permanent link">#</a></h3>
2162<p>The legacy persistent login was rather an automated login.
2163Upon bootstrapping a session, it was checked whether the user had a cookie pair storing the user’s <code>userID</code> and (a single BCrypt hash of) the user’s password.
2164If such a cookie pair exists and the BCrypt hash within the cookie matches the user’s password hash when hashed again, the session would immediately <code>changeUser()</code> to the respective user.</p>
2165<p>This legacy persistent login was completely removed.
2166Instead, any sessions that belong to an authenticated user will automatically be long-lived.
2167These long-lived sessions expire no sooner than 14 days after the last activity, ensuring that the user continously stays logged in, provided that they visit the page at least once per fortnight.</p>
2168<h3 id="multiple-sessions">Multiple Sessions<a class="headerlink" href="#multiple-sessions" title="Permanent link">#</a></h3>
2169<p>To allow for a proper separation of these long-lived user sessions, WoltLab Suite now allows for multiple sessions per user.
2170These sessions are completely unrelated to each other.
2171Specifically, they do not share session variables and they expire independently.</p>
2172<p>As the existing <code>wcf1_session</code> table is also used for the online lists and location tracking, it will be maintained on a best effort basis.
2173It no longer stores any private session data.</p>
2174<p>The actual sessions storing security sensitive information are in an unrelated location.
2175They must only be accessed via the PHP API exposed by the <code>SessionHandler</code>.</p>
2176<h3 id="merged-acp-and-frontend-sessions">Merged ACP and Frontend Sessions<a class="headerlink" href="#merged-acp-and-frontend-sessions" title="Permanent link">#</a></h3>
2177<p>WoltLab Suite 5.4 shares a single session across both the frontend, as well as the ACP.
2178When a user logs in to the frontend, they will also be logged into the ACP and vice versa.</p>
2179<p>Actual access to the ACP is controlled via the new <a href="#reauthentication">reauthentication mechanism</a>.</p>
2180<p>The session variable store is scoped:
2181Session variables set within the frontend are not available within the ACP and vice versa.</p>
2182<h3 id="improved-authentication-and-reauthentication">Improved Authentication and Reauthentication<a class="headerlink" href="#improved-authentication-and-reauthentication" title="Permanent link">#</a></h3>
2183<p>WoltLab Suite 5.4 ships with multi-factor authentication support and a generic re-authentication implementation that can be used to verify the account owner’s presence.</p>
2184<h2 id="additions-and-changes">Additions and Changes<a class="headerlink" href="#additions-and-changes" title="Permanent link">#</a></h2>
2185<h3 id="password-hashing">Password Hashing<a class="headerlink" href="#password-hashing" title="Permanent link">#</a></h3>
2186<p>WoltLab Suite 5.4 includes a new object-oriented password hashing framework that is modeled after PHP’s <code>password_*</code> API.
2187Check <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/authentication/password/PasswordAlgorithmManager.class.php"><code>PasswordAlgorithmManager</code></a> and <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/authentication/password/IPasswordAlgorithm.class.php"><code>IPasswordAlgorithm</code></a> for details.</p>
2188<p>The new default password hash is a standard BCrypt hash.
2189All newly generated hashes in <code>wcf1_user.password</code> will now include a type prefix, instead of just passwords imported from other systems.</p>
2190<h3 id="session-storage">Session Storage<a class="headerlink" href="#session-storage" title="Permanent link">#</a></h3>
2191<p>The <code>wcf1_session</code> table will no longer be used for session storage.
2192Instead, it is maintained for compatibility with existing online lists.</p>
2193<p>The actual session storage is considered an implementation detail and you <em>must not</em> directly interact with the session tables.
2194Future versions might support alternative session backends, such as Redis.</p>
2195<div class="admonition warning">
2196<p class="admonition-title">Do not interact directly with the session database tables but only via the <code>SessionHandler</code> class!</p>
2197</div>
2198<h3 id="reauthentication">Reauthentication<a class="headerlink" href="#reauthentication" title="Permanent link">#</a></h3>
2199<p>For security sensitive processing, you might want to ensure that the account owner is actually present instead of a third party accessing a session that was accidentally left logged in.</p>
2200<p>WoltLab Suite 5.4 ships with a generic reauthentication framework.
2201To request reauthentication within your controller you need to:</p>
2202<ol>
2203<li>Use the <code>wcf\system\user\authentication\TReauthenticationCheck</code> trait.</li>
2204<li>Call:
2205 <div class="highlight"><pre><span></span><code><span class="nv">$this</span><span class="o">-&gt;</span><span class="na">requestReauthentication</span><span class="p">(</span><span class="nx">LinkHandler</span><span class="o">::</span><span class="na">getInstance</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">getControllerLink</span><span class="p">(</span><span class="k">static</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="p">[</span>
2206 <span class="cm">/* additional parameters */</span>
2207<span class="p">]));</span>
2208</code></pre></div></li>
2209</ol>
2210<p><code>requestReauthentication()</code> will check if the user has recently authenticated themselves.
2211If they did, the request proceeds as usual.
2212Otherwise, they will be asked to reauthenticate themselves.
2213After the successful authentication, they will be redirected to the URL that was passed as the first parameter (the current controller within the example).</p>
2214<p>Details can be found in <a href="https://github.com/WoltLab/WCF/pull/3775">WoltLab/WCF#3775</a>.</p>
2215<h3 id="multi-factor-authentication">Multi-factor Authentication<a class="headerlink" href="#multi-factor-authentication" title="Permanent link">#</a></h3>
2216<p>To implement multi-factor authentication securely, WoltLab Suite 5.4 implements the concept of a “pending user change”.
2217The user will not be logged in (i.e. <code>WCF::getUser()-&gt;userID</code> returns <code>null</code>) until they authenticate themselves with their second factor.</p>
2218<p>Requesting multi-factor authentication is done on an opt-in basis for compatibility reasons.
2219If you perform authentication yourself and do not trust the authentication source to perform multi-factor authentication itself, you will need to adjust your logic to request multi-factor authentication from WoltLab Suite:</p>
2220<p>Previously:</p>
2221<div class="highlight"><pre><span></span><code><span class="nx">WCF</span><span class="o">::</span><span class="na">getSession</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">changeUser</span><span class="p">(</span><span class="nv">$targetUser</span><span class="p">);</span>
2222</code></pre></div>
0c5338dd
TD		 2223<p>Now:</p>
2224<div class="highlight"><pre><span></span><code><span class="nv">$isPending</span> <span class="o">=</span> <span class="nx">WCF</span><span class="o">::</span><span class="na">getSession</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">changeUserAfterMultifactorAuthentication</span><span class="p">(</span><span class="nv">$targetUser</span><span class="p">);</span>
2225<span class="k">if</span> <span class="p">(</span><span class="nv">$isPending</span><span class="p">)</span> <span class="p">{</span>
2226 <span class="c1">// Redirect to the authentication form. The user will not be logged in.</span>
2227 <span class="c1">// Note: Do not use `getControllerLink` to support both the frontend as well as the ACP.</span>
2228 <span class="nx">HeaderUtil</span><span class="o">::</span><span class="na">redirect</span><span class="p">(</span><span class="nx">LinkHandler</span><span class="o">::</span><span class="na">getInstance</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">getLink</span><span class="p">(</span><span class="s1">&#39;MultifactorAuthentication&#39;</span><span class="p">,</span> <span class="p">[</span>
2229 <span class="s1">&#39;url&#39;</span> <span class="o">=&gt;</span> <span class="cm">/* Return To */</span><span class="p">,</span>
2230 <span class="p">]));</span>
2231 <span class="k">exit</span><span class="p">;</span>
2232<span class="p">}</span>
2233<span class="c1">// Proceed as usual. The user will be logged in.</span>
2234</code></pre></div>
0c5338dd
TD		 2235<h4 id="adding-multi-factor-methods">Adding Multi-factor Methods<a class="headerlink" href="#adding-multi-factor-methods" title="Permanent link">#</a></h4>
2236<p>Adding your own multi-factor method requires the implementation of a single object type:</p>
2237<div class="highlight"><pre><span></span><code><span class="nt">&lt;type&gt;</span>
2238 <span class="nt">&lt;name&gt;</span>com.example.multifactor.foobar<span class="nt">&lt;/name&gt;</span>
2239 <span class="nt">&lt;definitionname&gt;</span>com.woltlab.wcf.multifactor<span class="nt">&lt;/definitionname&gt;</span>
2240 <span class="nt">&lt;icon&gt;</span><span class="c">&lt;!-- Font Awesome 4 Icon Name goes here. --&gt;</span><span class="nt">&lt;/icon&gt;</span>
2241 <span class="nt">&lt;priority&gt;</span><span class="c">&lt;!-- Determines the sort order, higher priority will be preferred for authentication. --&gt;</span><span class="nt">&lt;/priority&gt;</span>
2242 <span class="nt">&lt;classname&gt;</span>wcf\system\user\multifactor\FoobarMultifactorMethod<span class="nt">&lt;/classname&gt;</span>
2243<span class="nt">&lt;/type&gt;</span>
2244</code></pre></div>
0c5338dd
TD		 2245<p>The given classname must implement the <a href="https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/user/multifactor/IMultifactorMethod.class.php"><code>IMultifactorMethod</code></a> interface.</p>
2246<p>As a self-contained example, you can find the initial implementation of the email multi-factor method in <a href="https://github.com/WoltLab/WCF/pull/3729">WoltLab/WCF#3729</a>.
2247Please check <a href="https://github.com/WoltLab/WCF/commits/master/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php">the version history</a> of the PHP class to make sure you do not miss important changes that were added later.</p>
2248<div class="admonition warning">
2249<p class="admonition-title">Multi-factor authentication is security sensitive. Make sure to carefully read the remarks in <code>IMultifactorMethod</code> for possible issues. Also make sure to carefully test your implementation against all sorts of incorrect input and consider attack vectors such as race conditions. It is strongly recommended to generously check the current state by leveraging assertions and exceptions.</p>
2250</div>
2251<h2 id="deprecations-and-removals">Deprecations and Removals<a class="headerlink" href="#deprecations-and-removals" title="Permanent link">#</a></h2>
2252<h3 id="sessionhandler">SessionHandler<a class="headerlink" href="#sessionhandler" title="Permanent link">#</a></h3>
2253<p>Most of the changes with regard to the new session handling happened in <code>SessionHandler</code>.
2254Most notably, <code>SessionHandler</code> now is marked <code>final</code> to ensure proper encapsulation of data.</p>
2255<p>A number of methods in <code>SessionHandler</code> are now deprecated and result in a noop.
2256This change mostly affects methods that have been used to bootstrap the session, such as <code>setHasValidCookie()</code>.</p>
2257<p>Additionally, accessing the following keys on the session is deprecated.
2258They directly map to an existing method in another class and any uses can easily be updated:
2259- <code>ipAddress</code>
2260- <code>userAgent</code>
2261- <code>requestURI</code>
2262- <code>requestMethod</code>
2263- <code>lastActivityTime</code></p>
2264<p>Refer to <a href="https://github.com/WoltLab/WCF/blob/439de4963c947c3569a0c584f795245f693155b0/wcfsetup/install/files/lib/system/session/SessionHandler.class.php#L168-L178">the implementation</a> for details.</p>
2265<h3 id="acp-sessions">ACP Sessions<a class="headerlink" href="#acp-sessions" title="Permanent link">#</a></h3>
2266<p>The database tables related to ACP sessions have been removed.
2267The PHP classes have been preserved due to being used within the class hierarchy of the legacy sessions.</p>
2268<h3 id="cookies">Cookies<a class="headerlink" href="#cookies" title="Permanent link">#</a></h3>
2269<p>The <code>_userID</code>, <code>_password</code>, <code>_cookieHash</code> and <code>_cookieHash_acp</code> cookies will no longer be created nor consumed.</p>
2270<h3 id="virtual-sessions">Virtual Sessions<a class="headerlink" href="#virtual-sessions" title="Permanent link">#</a></h3>
2271<p>The virtual session logic existed to support multiple devices per single session in <code>wcf1_session</code>.
2272Virtual sessions are no longer required with the refactored session handling.</p>
2273<p>Anything related to virtual sessions has been completely removed as they are considered an implementation detail.
2274This removal includes PHP classes and database tables.</p>
2275<h3 id="security-token-constants">Security Token Constants<a class="headerlink" href="#security-token-constants" title="Permanent link">#</a></h3>
2276<p>The security token constants are deprecated.
2277Instead, the methods of <code>SessionHandler</code> should be used (e.g. <code>-&gt;getSecurityToken()</code>).
2278Within templates, you should migrate to the <code>{csrfToken}</code> tag in place of <code>{@SECURITY_TOKEN_INPUT_TAG}</code>.
2279The <code>{csrfToken}</code> tag is a drop-in replacement and was backported to WoltLab Suite 5.2+, allowing you to maintain compatibility across a broad range of versions.</p>
2280<h3 id="passwordutil-and-double-bcrypt-hashes">PasswordUtil and Double BCrypt Hashes<a class="headerlink" href="#passwordutil-and-double-bcrypt-hashes" title="Permanent link">#</a></h3>
2281<p>Most of the methods in PasswordUtil are deprecated in favor of the new password hashing framework.</p>
2282
4a5c32e1
WG		 2283
2284
2285
2286<hr>
2287<div class="md-source-date">
2288 <small>
2289
2290 Last update: 2021-02-11
2291
2292 </small>
2293</div>
2294
2295
0c5338dd
TD		 2296
2297
2298
2299
2300
2301
2302 </article>
2303 </div>
2304 </div>
fb962f09 2305
0c5338dd
TD		 2306 </main>
2307
2308
2309<footer class="md-footer">
2310
2311 <nav class="md-footer__inner md-grid" aria-label="Footer">
2312
2313 <a href="../php/" class="md-footer__link md-footer__link--prev" rel="prev">
2314 <div class="md-footer__button md-icon">
2315 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
2316 </div>
2317 <div class="md-footer__title">
2318 <div class="md-ellipsis">
2319 <span class="md-footer__direction">
2320 Previous
2321 </span>
2322 PHP API
2323 </div>
2324 </div>
2325 </a>
2326
2327
2328 <a href="../javascript/" class="md-footer__link md-footer__link--next" rel="next">
2329 <div class="md-footer__title">
2330 <div class="md-ellipsis">
2331 <span class="md-footer__direction">
2332 Next
2333 </span>
77efcd46 2334 TypeScript and JavaScript
0c5338dd
TD		 2335 </div>
2336 </div>
2337 <div class="md-footer__button md-icon">
2338 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
2339 </div>
2340 </a>
2341
2342 </nav>
2343
2344 <div class="md-footer-meta md-typeset">
2345 <div class="md-footer-meta__inner md-grid">
2346 <div class="md-footer-copyright">
2347
2348 <div class="md-footer-copyright__highlight">
2349 Copyright © 2020 WoltLab GmbH
2350 </div>
2351
2352 Made with
2353 <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
2354 Material for MkDocs
2355 </a>
fb88dc6e 2356
0c5338dd
TD		 2357 </div>
2358 <div class="md-footer-copyright">
2359 <a href="https://www.woltlab.com/legal-notice/">Legal Notice</a>
2360 <a href="https://www.woltlab.com/privacy-policy/">Privacy Policy</a>
2361</div>
2362 </div>
2363 </div>
2364</footer>
2365
2366 </div>
2367 <div class="md-dialog" data-md-component="dialog">
2368 <div class="md-dialog__inner md-typeset"></div>
2369 </div>
fb962f09 2370 <script id="__config" type="application/json">{"base": "../../..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}, "search": "../../../assets/javascripts/workers/search.fe42c31b.min.js", "version": {"provider": "mike"}}</script>
0c5338dd
TD		 2371
2372
fb962f09 2373 <script src="../../../assets/javascripts/bundle.d892486b.min.js"></script>
0c5338dd
TD		 2374
2375
2376 </body>
2377</html>