[3.3][RC] Device info in Session keys

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
Siava
Registered User
Posts: 154
Joined: Wed Jan 26, 2005 10:07 am

[3.3][RC] Device info in Session keys

Post by Siava »

Came from Ideas...

Adds Device info to `Manage “Remember Me” login keys` tab in UCP.
Device info will appear only after updating the session key and if you using “Remember Me” option before login.

Minimal phpbb version required: 3.3.2

Image

Demo & download: version 1.0.1
User avatar
ssl
Registered User
Posts: 1986
Joined: Sat Feb 08, 2020 2:15 pm
Location: Le Lude, Pays de la Loire - France
Name: Fred Rimbert

Re: [3.3][RC] Device info in Session keys

Post by ssl »

Hi
Thanks for this extension.
French translation for download here: https://caforum.fr/forum/viewtopic.php? ... 1850#p1850
Sorry for my English ... I do my best! :anger_right:

:point_right_tone3: phpBB: 3.3.13 | PHP: 8.3.9
:point_right_tone4: [Kill spam on phpBB] - [Some French translation of extensions]
"Mistress, Mistress someone is bothering me in pm"
User avatar
EA117
Registered User
Posts: 2171
Joined: Wed Aug 15, 2018 3:23 am

Re: [3.3][RC] Device info in Session keys

Post by EA117 »

Nice work. I like the fact that even existing keys will be updated with device info — even without performing a new login, and without having to use "Remember Me" again — so long as we pass through session_create(). Meaning it's not going to happen "immediately" necessarily, but once your existing session lifetime expires & the existing autologon key needs to be used to create a new session, the device details get updated at that point even without "performing a new login."

This scenario had come to mind because I realized there were some minor edge cases where "the user agent identification string isn't necessarily going to remain the same." Although normally we would expect "the autologon cookie should always be used/sent by the same device and user agent", entering into the F12 Developer tools can end up changing your user agent identification string due to the device emulation in effect. As such, the user agent string is now different. Even though "the persisted cookies sent when accessing this site" remain exactly the same, including the autologon cookie.

So I just wanted to be sure that "SessionKeys isn't going to forever persist Linux or iOS as my platform" just because I happened to login or re-create my session while under F12 on my Windows PC. And in my opinion, the current logic already handles this well enough. The "wrong" information might be shown for the duration of the current phpBB session lifetime, but as soon as a new session needs to be created, whatever user agent string is in effect at that point will be updated in the device info. That's plenty frequent enough, to me.

Return to “Extensions in Development”