Expand description
Session start hook handler.
ยงSecurity
This module validates session IDs for sufficient entropy to prevent:
- Predictable session attacks
- Session enumeration attacks
- Weak identifier exploitation
Structsยง
- Session
Context ๐ - Context prepared for a session.
- Session
Start Handler - Handles
SessionStarthook events.
Enumsยง
- Guidance
Level - Level of guidance to provide in context.
- Session
IdValidation - Result of session ID validation.
Constantsยง
- DEFAULT_
CONTEXT_ ๐TIMEOUT_ MS - Default timeout for context loading (PERF-M3: prevents session start blocking).
- MAX_
SESSION_ ๐ID_ LENGTH - Maximum length for session IDs (denial of service prevention).
- MIN_
SEQUENTIAL_ ๐RUN - Minimum consecutive sequential characters to flag as low entropy.
- MIN_
SESSION_ ๐ID_ LENGTH - Minimum length for session IDs (security requirement).
- MIN_
UNIQUE_ ๐CHARS - Minimum number of unique characters required for entropy.
Functionsยง
- add_
statistics_ ๐if_ present - Adds formatted statistics to context if memories exist.
- has_
long_ ๐sequential_ run - Checks if a string contains a long consecutive sequential run.
- has_
low_ ๐entropy - Checks if a session ID has low entropy (predictable patterns).
- validate_
session_ id - Validates a session ID for sufficient entropy.