Handler_AppSignIn - Sign in with post values 'pw, 'em', and 'kbxb' - pw: the user's password - em: the user's email - kbxb: a non empty value specified for kbxb will result in a header token being returned for a non browser application to use for header authentication - - an empty value will result in a samesite cookie being issued to the browser for browser app session authenication - - conventipon for 'kbxb' will be the strings 'true', or the post body variable should be left unset - - i.e.

Handler_AppSignOut - Expects json enocded ExternalUser.

VERIFY REQUEST Request will be verified one od three ways: - Authenticate session with kbxs cookie , compare to user_auth_session.token - - requires post body : user_id and header: user agent - Authenticate session with kbxb , compare to user_auth_session.token - - Purpose of VerifyWithHeader with authBode b : kbxb header is to provide header api auth that requires login session to be active, i.e.

Verify with api - Branched from VerifyRequest.

Verify with cookie - Branched from VerifyRequest.

Verify with header - Branched from VerifyRequest.