sequenceDiagram
    participant User
    participant SessionsController
    participant UserModel
    participant AuthConcern as AuthenticationConcern
    participant SecuritySystem
    participant SessionModel

    User->>SessionsController: POST /session (login attempt)
    SessionsController->>UserModel: authenticate(email, password)

    alt Suspicious Login
        SessionsController->>SecuritySystem: Analyze behavior patterns
        SecuritySystem-->>SessionsController: Trigger decoy session
        SessionsController->>AuthConcern: start_decoy_session_for(user)
        AuthConcern->>SessionModel: create_fake_session()
        SessionsController->>User: Redirect to decoy environment
    else Authentication Successful
        UserModel-->>SessionsController: User object
        SessionsController->>SecuritySystem: Biometric check/humor test
        SecuritySystem-->>SessionsController: Pass verification
        SessionsController->>AuthConcern: start_new_session_for(user)
        AuthConcern->>SessionModel: create real session
        SessionsController->>User: Redirect to dashboard
    else Authentication Failed
        UserModel-->>SessionsController: nil
        SessionsController->>User: Redirect to login page with error
    end

    alt Dynamic Expiry
        SessionModel->>SecuritySystem: Evaluate user activity
        SecuritySystem-->>SessionModel: Randomize session expiration
    else Traditional Expiry
        SessionModel-->>SessionsController: Session expires normally
    end