Session Management

The session management system currently in use by glFusion is very simple and provides no features beyond tracking whether the user is logged in. The goal of this project is to develop an enhanced session management system that will be shared by the core glFusion code and all plugins.

Requirements

  • Information or state must be stored. For example, any user-submitted data must be maintained across multiple HTTP requests.
  • Each HTTP request must carry an identifier that allows the server to process the request in the context of the stored state.
  • Sessions need to have a timeout. Otherwise, if a user leaves the web site, there is no way the server can tell when the session should end.
  • Sessions need to be able to track multiple levels of authentication. For example, when performing an admin function, a new session should be created and validated (password required) before the admin function is allowed.
  • Sessions must be scalable. The solution must be reasonably scalable and work in a shared hosting environment. glFusion’s goal is to run under the restrictions imposed by most commercial hosting services.
  • Sessions must be secure. Reasonable steps must be taken to ensure session ids cannot be stolen or reused.
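
One way the timeout, multi-level authentication and session id requirements above could fit together, using only PHP's native session functions. This is an added example, not glFusion code: the function names, the two timeout constants, the cookie settings (which assume an HTTPS site) and the session keys are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of glFusion's API.
const IDLE_TIMEOUT = 1800;  // assumed: seconds of inactivity before the session ends
const ADMIN_WINDOW = 300;   // assumed: seconds an admin re-authentication stays valid

function sess_start(): void
{
    ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,  // assumes HTTPS
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        $_SESSION = [];               // timeout: discard the stale state
        session_regenerate_id(true);  // and retire the old id
    }
    $_SESSION['last_seen'] = $now;
}

function sess_login(int $uid): void
{
    session_regenerate_id(true);  // new id at login, so a pre-login id cannot be reused
    $_SESSION['uid'] = $uid;
    $_SESSION['level'] = 'user';
}

// Second authentication level: the password is required again before admin functions.
function sess_elevate(string $password, string $storedHash): bool
{
    if (!isset($_SESSION['uid']) || !password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);  // new id whenever the privilege level changes
    $_SESSION['level'] = 'admin';
    $_SESSION['admin_since'] = time();
    return true;
}

function sess_is_admin(): bool
{
    $fresh = time() - ($_SESSION['admin_since'] ?? 0) <= ADMIN_WINDOW;
    if (!$fresh && isset($_SESSION['uid'])) {
        $_SESSION['level'] = 'user';  // admin window expired: drop back to user level
    }
    return $fresh && ($_SESSION['level'] ?? '') === 'admin';
}
```

An admin page would call sess_start() first and then refuse to proceed unless sess_is_admin() returns true, prompting for the password and calling sess_elevate() otherwise.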

Skills Needed

A strong understanding of PHP and SQL databases will be required. Understanding the current authentication and session management system in glFusion is also required.

Difficulty

Moderate

Session management in PHP is not anything new. The challenge will be implementing the necessary hooks to allow plugins to utilize the session infrastructure.

Licensing

All code must be licensed under the GNU General Public License.

ideas/sessions.txt · Last modified: 2010/03/09 20:18 by Mark
 