62fe0ed5eb
Entités: - entities-overview.md → vue-ensemble.md États (Lifecycles): - user-account-lifecycle.md → compte-utilisateur.md - content-lifecycle.md → contenu.md - session-lifecycle.md → session.md - report-lifecycle.md → signalement.md - export-lifecycle.md → export-donnees.md - parental-consent-lifecycle.md → consentement-parental.md - account-deletion-lifecycle.md → suppression-compte.md - breach-incident-lifecycle.md → incident-breach.md Séquences: - authentication-flow.md → authentification.md - token-refresh.md → refresh-token.md (terme technique conservé) - content-moderation.md → moderation-contenu.md - content-report.md → signalement.md
30 lines
853 B
Markdown
30 lines
853 B
Markdown
# Cycle de vie - Session
|
|
|
|
## Diagramme
|
|
|
|
```mermaid
|
|
stateDiagram-v2
|
|
[*] --> Active: Connexion
|
|
|
|
Active --> Active: Refresh token
|
|
Active --> Expired: Inactivité 30j
|
|
Active --> Revoked: Déconnexion manuelle
|
|
Active --> Revoked: Changement mot de passe
|
|
Active --> Revoked: Replay attack
|
|
|
|
Expired --> [*]
|
|
Revoked --> [*]
|
|
```
|
|
|
|
## Règles
|
|
|
|
| État | Condition | Description |
|
|
|------|-----------|-------------|
|
|
| Active | `revoked_at IS NULL` | Access token 15min, Refresh token 30j |
|
|
| Expired | `refresh_token_expires_at < NOW()` | Inactivité 30j |
|
|
| Revoked | `revoked_at IS NOT NULL` | Révoquée manuellement |
|
|
|
|
**Rotation** : Refresh token rotatif (nouveau à chaque refresh)
|
|
**Sécurité** : Tokens hashés SHA256, révocation globale si replay attack
|
|
**Nettoyage** : Suppression sessions expirées/révoquées > 7j/30j
|