nu
/
CharmBoard
1
0
Fork 0
Code Issues 8 Pull Requests Projects 1 Releases Activity

Move session management into some sort of reusable format #18

New Issue
Closed
opened 2024-08-21 05:36:35 +00:00 by nu · 4 comments
nu commented 2024-08-21 05:36:35 +00:00
Owner
Copy Link

As it stands now, the only actual session management in CharmBoard happens in CharmBoard::Controller::Login action login_do, CharmBoard::Controller::Logout action logout_do, and templates/layouts/default/_header.html.ep (a hacky way to switch between showing a "login" and "logout" button depending on login status, just for dev purposes)

As development continues, there will doubtlessly be more places where session verification is needed. Session verification code should be pushed into its own model ASAP to make sure there are no issues of redundant code across multiple parts of CharmBoard, nor issues of session verification methods differing in each instance it shows up which could potentially cause security issues if i.e. one part of the code has weirdly outdated session management code.

As it stands now, the only actual session management in CharmBoard happens in `CharmBoard::Controller::Login` action `login_do`, `CharmBoard::Controller::Logout` action `logout_do`, and `templates/layouts/default/_header.html.ep` (a hacky way to switch between showing a "login" and "logout" button depending on login status, just for dev purposes) As development continues, there will doubtlessly be more places where session verification is needed. Session verification code should be pushed into its own model ASAP to make sure there are no issues of redundant code across multiple parts of CharmBoard, nor issues of session verification methods differing in each instance it shows up which could potentially cause security issues if i.e. one part of the code has weirdly outdated session management code.
nu added this to the CharmBoard v1.0 milestone 2024-08-21 05:36:35 +00:00
nu added the
improvement
code clarity
 labels 2024-08-21 05:36:35 +00:00
nu added this to the Workable alpha/beta project 2024-08-21 05:37:42 +00:00
nu added the
code organization
 label 2024-08-21 05:39:36 +00:00
nu commented 2024-08-21 22:44:07 +00:00
Author
Owner
Copy Link

Looks like things in the Model namespace aren't allowed access to HTTP request data directly, so this may have to actually be split into two modules, CharmBoard::Controller::Session for the part that fetches the user's session info, and CharmBoard::Model::Session for the part that fetches the stores session info in the database. I guess. But this feels messy? Either way though the approach I was thinking of before doesn't work.

Looks like things in the `Model` namespace aren't allowed access to HTTP request data directly, so this may have to actually be split into two modules, `CharmBoard::Controller::Session` for the part that fetches the user's session info, and `CharmBoard::Model::Session` for the part that fetches the stores session info in the database. I guess. But this feels messy? Either way though the approach I was thinking of before doesn't work.
nu commented 2024-08-21 22:46:18 +00:00
Author
Owner
Copy Link

...Or the other option would be putting it in CharmBoard::Util::Session. I think I need to learn more about how MVC architecture works, I guess.

...Or the other option would be putting it in `CharmBoard::Util::Session`. I think I need to learn more about how MVC architecture works, I guess.
nu commented 2024-08-21 23:19:24 +00:00
Author
Owner
Copy Link

No yeah, a CharmBoard::Controller::Session doesn't make sense actually when I think about it harder, knowing what I know about what the Controller namespace is even used for. So Util namespace will probably have to be it

No yeah, a `CharmBoard::Controller::Session` doesn't make sense actually when I think about it harder, knowing what I know about what the Controller namespace is even used for. So Util namespace will probably have to be it
nu commented 2024-08-21 23:41:29 +00:00
Author
Owner
Copy Link

I guess destroying a session if its invalid is pretty straightforward, and session creation should only happen once. So maybe a Model that just does the database part of things should suffice?

I guess destroying a session if its invalid is pretty straightforward, and session creation should only happen once. So maybe a Model that just does the database part of things should suffice?
nu changed title from Move session management into its own module, `CharmBoard::Model::Session` to Move session management into some sort of reusable format 2024-08-22 09:08:18 +00:00
nu closed this issue 2024-08-22 09:09:16 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
Labels
Clear labels   
bug

   
code clarity

   
code organization

   
database

   
documentation

   
improvement

   
new feature

   
security
No Label
bug
code clarity
code organization
database
documentation
improvement
new feature
security
Milestone
Clear milestone
No items
No Milestone
CharmBoard v1.0
Projects
Clear projects
No project
Workable alpha/beta
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: nu/CharmBoard#18
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?