The Authentication worker stores all of its state in an AuthSession. A new AuthSession is created upon a call to renderLoginForm.
Note that AuthSessions play no part in a user's session, or its timeout, once the user has logged in. An AuthSession covers only the time between generating the login form and the user either logging in or being redirected off to a third party and coming back.
Stored within an AuthSession:
Name | Type | Description |
---|---|---|
ID | UUID | The AuthSessionID |
Nonce | UUID | The current nonce value used to ensure forms cannot be double submitted. May be null |
ReturnUrl | VARCHAR | As supplied in the renderLoginForm call. The URL to return to after passing through the authentication system without an error. Will have the 'as' (AuthSessionId) and 'asn' (AuthSessionNonce) query parameters appended to it |
ErrorReturnUrl | VARCHAR | URL to return to after an error within the authentication worker occurs. As supplied in the renderLoginForm call |
BaseAuthWorkerUrl | VARCHAR | Publicly accessible path to the worker, e.g. http://mysite/apiserver/auth. As supplied in the renderLoginForm call |
NamedTemplateOverrides | MEMO | Affects handlebars template resolution. As supplied in the renderLoginForm call |
CurrentState | VARCHAR | Current state of the provider-specific state machine |
Provider | VARCHAR | Name of the provider the user chose to log in with |
ReturnData | MEMO | Data to be returned to the caller of the getAuthStatus method |
Created | Timestamp | When the AuthSession was created |
Updated | Timestamp | When the AuthSession was last updated |
Expiry
AuthSessions are expired by the AuthSessionExpiry task when they haven't been updated for the time period specified by the
The AuthSessionExpiry task runs every 30 minutes by default. See the
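
The following sketch is an added example, not the product's own code. It models how the Nonce, ReturnUrl and Updated fields can work together so that a submitted form is accepted once and idle sessions are swept. The in-memory `SESSIONS` store, the function names, the 60-minute `IDLE_LIMIT`, and the choice to null the nonce after use are all assumptions made for illustration.

```python
import hmac
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

IDLE_LIMIT = timedelta(minutes=60)  # assumed; the page does not state the period
SESSIONS = {}                       # stand-in for the AuthSession table

@dataclass
class AuthSession:
    id: str
    return_url: str
    nonce: Optional[str]
    updated: datetime

def create_session(return_url, now):
    s = AuthSession(str(uuid.uuid4()), return_url, None, now)
    SESSIONS[s.id] = s
    return s

def issue_nonce(s, now):
    """Replace the current nonce; any previously issued value stops working."""
    s.nonce, s.updated = str(uuid.uuid4()), now
    return s.nonce

def consume_nonce(session_id, presented, now):
    """Accept a nonce once: wrong, reused, or idle-expired values are rejected."""
    s = SESSIONS.get(session_id)
    if s is None or s.nonce is None or now - s.updated > IDLE_LIMIT:
        return False
    if not hmac.compare_digest(s.nonce.encode(), presented.encode()):
        return False
    s.nonce, s.updated = None, now   # null the nonce so a resubmit fails
    return True

def build_return_url(s, now):
    """Append 'as' and 'asn' to ReturnUrl, keeping its existing query string."""
    parts = urlsplit(s.return_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("as", s.id), ("asn", issue_nonce(s, now))]
    return urlunsplit(parts._replace(query=urlencode(query)))

def expire_sessions(now):
    """Mimics the AuthSessionExpiry task: drop sessions idle past the limit."""
    stale = [sid for sid, s in SESSIONS.items() if now - s.updated > IDLE_LIMIT]
    for sid in stale:
        del SESSIONS[sid]
    return stale
```

The nonce comparison is constant-time, and a failed or replayed submission leaves Updated untouched, so repeated bad requests do not keep an abandoned session alive.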