Sessions
Introduction
Within the context of the SRS, a session is a stateful, temporary communication sequence in which the system knows exactly which user is making requests and responds accordingly, without requiring re-authentication between requests.
Technical details
- A user may only be authenticated as a single user type at any given time. This is so that the frontends of the system don't have to deal with undefined or unexpected situations.
- The session will be maintained via a token that will be stored on the device that was used to authenticate to the system. The session data will be stored inside the database.
- The session expiration will be configurable and, by default, set to a month.
- Each new request will refresh the lifespan of the session.
- The session will only be maintained on the device that the authentication is made on.
- A user may only have a single session active at any given time and, as such, upon login, any existing sessions will be terminated.
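The rules above, sketched as an added example (not code from the SRS project): a session store with one session per user, termination of the old session on login, and a lifespan refreshed on every request. It assumes SQLite as the database, takes "a month" as 30 days, and stores only a SHA-256 hash of the token; the `SessionStore` class and the table schema are hypothetical.

```python
import hashlib
import secrets
import sqlite3
import time

DEFAULT_TTL = 30 * 24 * 3600  # assumption: "a month" taken as 30 days

class SessionStore:
    """Single-session-per-user store with sliding expiration (illustrative)."""
    def __init__(self, db, ttl=DEFAULT_TTL, clock=time.time):
        self.db, self.ttl, self.clock = db, ttl, clock
        # user_id as PRIMARY KEY enforces one active session per user.
        db.execute(
            "CREATE TABLE IF NOT EXISTS sessions (user_id TEXT PRIMARY KEY, "
            "user_type TEXT NOT NULL, token_hash TEXT UNIQUE, expires_at REAL)"
        )

    @staticmethod
    def _digest(token):
        # Assumption: only a hash of the token is stored, so a database
        # leak does not expose usable session tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id, user_type):
        """Terminate any existing session for the user and issue a new token."""
        token = secrets.token_urlsafe(32)
        with self.db:  # one transaction: the old row is replaced by the new one
            self.db.execute(
                "INSERT OR REPLACE INTO sessions VALUES (?, ?, ?, ?)",
                (user_id, user_type, self._digest(token), self.clock() + self.ttl),
            )
        return token

    def authenticate(self, token):
        """Return (user_id, user_type) and refresh the lifespan, or None."""
        now, digest = self.clock(), self._digest(token)
        with self.db:
            # Sliding expiration: only a still-valid session gets extended.
            cur = self.db.execute(
                "UPDATE sessions SET expires_at = ? "
                "WHERE token_hash = ? AND expires_at > ?",
                (now + self.ttl, digest, now),
            )
            if cur.rowcount == 0:
                return None
            return self.db.execute(
                "SELECT user_id, user_type FROM sessions WHERE token_hash = ?",
                (digest,),
            ).fetchone()
```

Because each row carries exactly one `user_type`, a user is authenticated as a single user type at any given time, and a token issued before a newer login stops validating as soon as that login replaces the row.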