https://oxpedia.org/wiki/index.php?title=OXSessionHandlingGlossary&feed=atom&action=historyOXSessionHandlingGlossary - Revision history2024-03-29T04:41:51ZRevision history for this page on the wikiMediaWiki 1.31.0https://oxpedia.org/wiki/index.php?title=OXSessionHandlingGlossary&diff=25030&oldid=prevKhgras at 10:58, 18 November 20192019-11-18T10:58:46Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 10:58, 18 November 2019</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">= OX Session System Glossary =</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">The content on this page has moved to https://documentation.open-xchange.com/7.10.3/middleware/login_and_sessions/session_glossary.html</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Note: Open</ins>-<ins class="diffchange diffchange-inline">Xchange </ins>is in the <ins class="diffchange diffchange-inline">process </ins>of <ins class="diffchange diffchange-inline">migrating all its technical documentation </ins>to a <ins class="diffchange diffchange-inline">new </ins>and <ins class="diffchange diffchange-inline">improved documentation system </ins>(<ins class="diffchange diffchange-inline">documentation</ins>.<ins class="diffchange diffchange-inline">open-xchange</ins>.com<ins class="diffchange diffchange-inline">)</ins>. <ins class="diffchange diffchange-inline">Please note </ins>as the <ins class="diffchange diffchange-inline">migration takes place more information will be available on </ins>the <ins class="diffchange diffchange-inline">new system </ins>and <ins class="diffchange diffchange-inline">less on this system</ins>. <ins class="diffchange diffchange-inline">Thank </ins>you <ins class="diffchange diffchange-inline">for </ins>your <ins class="diffchange diffchange-inline">understanding during </ins>this <ins class="diffchange diffchange-inline">period </ins>of <ins class="diffchange diffchange-inline">transition</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Autologin ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">When we're talking about '''autologin''' we're referring to the system that '''recovers and restarts''' a users session after she did a page refresh, or closed the browser and later reopened it and the OX frontend. If you want to find out more about the session recovery system, please refer to [[OXSessionAutologin]].</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Auth-ID ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''auth</del>-<del class="diffchange diffchange-inline">id''' </del>is <del class="diffchange diffchange-inline">a unique ID that allows '''tracking login/logout requests''' across the systems </del>in <del class="diffchange diffchange-inline">your apache / OX cluster. It is useful for finding out which login request passed through which systems. </del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Cookie Hash ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''cookie hash''' (not </del>the <del class="diffchange diffchange-inline">other way around) is a '''unique string identifier computed from certain aspects </del>of <del class="diffchange diffchange-inline">the login request'''. It is used </del>to a<del class="diffchange diffchange-inline">) bind the session to certain client characteristics to prevent a session overtake </del>and <del class="diffchange diffchange-inline">b) to allow session data of more than one session to be stored in the same cookie store </del>(<del class="diffchange diffchange-inline">by providing unique names for the cookies)</del>. <del class="diffchange diffchange-inline">See also [[OXSessionLifecycle]]</del>.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Client ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''client''' is a string identifier, used to '''identify a client''' that wants to use a session. Its values follow the reverse-domain-name convention of java packages, so for example the OX frontend identifies itself as '''</del>com.<del class="diffchange diffchange-inline">openexchange.ox.gui.dhtml'''. The client is usually passed </del>as <del class="diffchange diffchange-inline">a parameter to </del>the <del class="diffchange diffchange-inline">login call and becomes one component of </del>the <del class="diffchange diffchange-inline">'''cookie hash'''. </del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Form login ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''form login''' describes a login call that can be triggered by an external </del>and <del class="diffchange diffchange-inline">custom form</del>. <del class="diffchange diffchange-inline">This was formerly (pre 6.20) known as the '''easy login'''. If </del>you <del class="diffchange diffchange-inline">want to provide </del>your <del class="diffchange diffchange-inline">own login form, </del>this <del class="diffchange diffchange-inline">is the way to go about it. You can read all the details [[OXSessionFormLogin|here]].</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== IP Check ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''IP check''' describes a '''security check''' the OX server uses on sessions. Upon session creation the clients IP address is stored along with the session data. Later accesses within the session must then come from the same IP address that created the session. This is used to make session takeovers harder. See also [[OXSessionSecurityFeatures]].</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Session-ID ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''session id''' is a unique string identifying the session. The session id, together with the session secret, is used to verify the authenticity of a session. In subsequent requests the session id will usually be transmitted as a '''request parameter''', but might be stored in a cookie when the [[OXSessionAutologin|autologin feature]] is used. </del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">== Session Secret ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">The '''session secret''', along with the session id, is used to verify the authenticity of a session. It is always passed to the OX server as a cookie. Only when the session id parameter and the session secret cookie belong to the same session will a request be accepted by the OX backend. The cookie name has the format '''open-xchange-secret-[hash]''' with 'hash' being the '''cookie hash'''. If you want to know more about the session secret and how it is used to verify the authenticity </del>of <del class="diffchange diffchange-inline">a session, please refer to [[OXSessionLifecycle]] and [[OXSessionSecurityFeatures]]</del>.</div></td><td colspan="2"> </td></tr>
</table>Khgrashttps://oxpedia.org/wiki/index.php?title=OXSessionHandlingGlossary&diff=7864&oldid=prevDerCisco at 12:35, 17 May 20112011-05-17T12:35:24Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 12:35, 17 May 2011</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">= OX Session System Glossary =</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Autologin ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Autologin ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>DerCiscohttps://oxpedia.org/wiki/index.php?title=OXSessionHandlingGlossary&diff=7863&oldid=prevDerCisco: Created page with "== Autologin == When we're talking about '''autologin''' we're referring to the system that '''recovers and restarts''' a users session after she did a page refresh, or closed t..."2011-05-17T10:53:11Z<p>Created page with "== Autologin == When we're talking about '''autologin''' we're referring to the system that '''recovers and restarts''' a users session after she did a page refresh, or closed t..."</p>
<p><b>New page</b></p><div>== Autologin ==<br />
<br />
When we're talking about '''autologin''' we're referring to the system that '''recovers and restarts''' a users session after she did a page refresh, or closed the browser and later reopened it and the OX frontend. If you want to find out more about the session recovery system, please refer to [[OXSessionAutologin]].<br />
<br />
== Auth-ID ==<br />
<br />
The '''auth-id''' is a unique ID that allows '''tracking login/logout requests''' across the systems in your apache / OX cluster. It is useful for finding out which login request passed through which systems. <br />
<br />
== Cookie Hash ==<br />
<br />
The '''cookie hash''' (not the other way around) is a '''unique string identifier computed from certain aspects of the login request'''. It is used to a) bind the session to certain client characteristics to prevent a session overtake and b) to allow session data of more than one session to be stored in the same cookie store (by providing unique names for the cookies). See also [[OXSessionLifecycle]].<br />
<br />
== Client ==<br />
<br />
The '''client''' is a string identifier, used to '''identify a client''' that wants to use a session. Its values follow the reverse-domain-name convention of java packages, so for example the OX frontend identifies itself as '''com.openexchange.ox.gui.dhtml'''. The client is usually passed as a parameter to the login call and becomes one component of the '''cookie hash'''. <br />
<br />
== Form login ==<br />
<br />
The '''form login''' describes a login call that can be triggered by an external and custom form. This was formerly (pre 6.20) known as the '''easy login'''. If you want to provide your own login form, this is the way to go about it. You can read all the details [[OXSessionFormLogin|here]].<br />
<br />
== IP Check ==<br />
<br />
The '''IP check''' describes a '''security check''' the OX server uses on sessions. Upon session creation the clients IP address is stored along with the session data. Later accesses within the session must then come from the same IP address that created the session. This is used to make session takeovers harder. See also [[OXSessionSecurityFeatures]].<br />
<br />
== Session-ID ==<br />
<br />
The '''session id''' is a unique string identifying the session. The session id, together with the session secret, is used to verify the authenticity of a session. In subsequent requests the session id will usually be transmitted as a '''request parameter''', but might be stored in a cookie when the [[OXSessionAutologin|autologin feature]] is used. <br />
<br />
== Session Secret ==<br />
<br />
The '''session secret''', along with the session id, is used to verify the authenticity of a session. It is always passed to the OX server as a cookie. Only when the session id parameter and the session secret cookie belong to the same session will a request be accepted by the OX backend. The cookie name has the format '''open-xchange-secret-[hash]''' with 'hash' being the '''cookie hash'''. If you want to know more about the session secret and how it is used to verify the authenticity of a session, please refer to [[OXSessionLifecycle]] and [[OXSessionSecurityFeatures]].</div>DerCisco