OXSessionHandlingGlossary: Difference between revisions

From Open-Xchange
mNo edit summary
No edit summary
 
Line 1: Line 1:
= OX Session System Glossary =
The content on this page has moved to https://documentation.open-xchange.com/7.10.3/middleware/login_and_sessions/session_glossary.html


 
Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition.
== Autologin ==
 
When we're talking about '''autologin''' we're referring to the system that '''recovers and restarts''' a users session after she did a page refresh, or closed the browser and later reopened it and the OX frontend. If you want to find out more about the session recovery system, please refer to [[OXSessionAutologin]].
 
== Auth-ID ==
 
The '''auth-id''' is a unique ID that allows '''tracking login/logout requests''' across the systems in your apache / OX cluster. It is useful for finding out which login request passed through which systems.
 
== Cookie Hash ==
 
The '''cookie hash''' (not the other way around) is a '''unique string identifier computed from certain aspects of the login request'''. It is used to a) bind the session to certain client characteristics to prevent a session overtake and b) to allow session data of more than one session to be stored in the same cookie store (by providing unique names for the cookies). See also [[OXSessionLifecycle]].
 
== Client ==
 
The '''client''' is a string identifier, used to '''identify a client''' that wants to use a session. Its values follow the reverse-domain-name convention of java packages, so for example the OX frontend identifies itself as '''com.openexchange.ox.gui.dhtml'''. The client is usually passed as a parameter to the login call and becomes one component of the '''cookie hash'''.
 
== Form login ==
 
The '''form login''' describes a login call that can be triggered by an external and custom form. This was formerly (pre 6.20) known as the '''easy login'''. If you want to provide your own login form, this is the way to go about it. You can read all the details [[OXSessionFormLogin|here]].
 
== IP Check ==
 
The '''IP check''' describes a '''security check''' the OX server uses on sessions. Upon session creation the clients IP address is stored along with the session data. Later accesses within the session must then come from the same IP address that created the session. This is used to make session takeovers harder. See also [[OXSessionSecurityFeatures]].
 
== Session-ID ==
 
The '''session id''' is a unique string identifying the session. The session id, together with the session secret, is used to verify the authenticity of a session. In subsequent requests the session id will usually be transmitted as a '''request parameter''', but might be stored in a cookie when the [[OXSessionAutologin|autologin feature]] is used.
 
== Session Secret ==
 
The '''session secret''', along with the session id, is used to verify the authenticity of a session. It is always passed to the OX server as a cookie. Only when the session id parameter and the session secret cookie belong to the same session will a request be accepted by the OX backend. The cookie name has the format '''open-xchange-secret-[hash]''' with 'hash' being the '''cookie hash'''. If you want to know more about the session secret and how it is used to verify the authenticity of a session, please refer to [[OXSessionLifecycle]] and [[OXSessionSecurityFeatures]].

Latest revision as of 10:58, 18 November 2019

The content on this page has moved to https://documentation.open-xchange.com/7.10.3/middleware/login_and_sessions/session_glossary.html

Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition.