Add documentation on Banner sessions

docs/Sessions.md

@@ -0,0 +1,29 @@
+# Sessions
+
+All notes on the internal workings of Sessions in the Banner system.
+
+- Sessions are generated on demand with a random string of characters.
+- Sessions are invalidated after 30 minutes, but may change.
+  - This delay can be found in the original HTML returned, find `meta[name="maxInactiveInterval"]` and read the `content` attribute.
+  - This is read at runtime by the javascript on initialization.
+- Multiple timers exist, one is for the Inactivity Timer.
+  - A dialog will appear asking the user to continue their session.
+  - If they click the button, the session will be extended via the keepAliveURL (see `meta[name="keepAliveURL"]`).
+  - The `keepAliveURL` does not seem to care whether the session is or was ever valid, it will always return a 200 OK with `I am Alive` as the content.
+- When searching with an invalid session (or none at all, as the case may be), the server will return 200 OK, but with an empty result response structure.
+  - ```json
+    {
+        "success": true,
+        "totalCount": 0,
+        "data": null,    // always an array, even if empty
+        "pageOffset": 0,                  //
+        "pageMaxSize": 10,
+        "sectionsFetchedCount": 0,
+        "pathMode": "registration",   // normally "search"
+        "searchResultsConfigs": null,  // normally an array
+        "ztcEncodedImage": null  // normally a static string in base64
+    }
+```
+    
+  - This is only the handling for the search endpoint, more research is required to see how other endpoints handle invalid/expired sessions.
+  - TODO: How is `pathMode` affected by an expired session, rather than an invalid/non-existent one?