[Engine-devel] UI Plugins: issue with REST API keep-alive heartbeat fixed
Einav Cohen
ecohen at redhat.com
Mon May 13 20:10:59 UTC 2013
> ----- Original Message -----
> From: "Vojtech Szocs" <vszocs at redhat.com>
> Sent: Monday, May 13, 2013 10:23:30 AM
>
> Hi guys,
>
> just a quick update, recently we fixed an issue [1] with UI Plugin REST API
> integration trying to keep-alive the current REST API session, which was
> causing repeated "User logged in" events in GUI, along with new REST API
> session created each time the heartbeat request was fired. Please refer to
> commit message for more details on this issue.
>
> There are some things to be aware of with regard to UI Plugin REST API
> integration:
> - all plugins still receive a single session ID based on WebAdmin user
> credentials, i.e. keep the current "single-admin-session-for-all-plugins"
> behavior
> - session timeout is set to 6 hours --> 2x more than default REST API session
> timeout
> - WebAdmin will *not* try to keep-alive the session via periodic heartbeat
> requests, i.e. break the current
> "keep-session-alive-while-user-stays-authenticated" behavior
>
> In practice, this means that after a user logs into WebAdmin, if no plugin
> interacts with the REST API session via provided ID for more than 6 hours,
> the session will time-out eventually. Unfortunately, for now, we can't
> support the session keep-alive mechanism due to issues with HTTP
> 'Authorization' header handling in web browsers, but with RFE [2] it would
> be possible to re-implement the session keep-alive mechanism.
>
> On the other hand, we'll most likely revisit the current
> "single-admin-session-for-all-plugins" behavior in future, i.e. have special
> Engine users created for use with UI Plugin REST API integration, with
> permissions of such users under control by the admin. This would change the
> current behavior to something like "separate-user-session-for-each-plugin",
> with individual plugins able to create their own REST API session on demand.
>
> Regards,
> Vojtech
>
> [1] http://gerrit.ovirt.org/#/c/14411/
Thanks, Vojtech - just adding the missing RFE reference ([2]):
[2] Bug 958861 - Support passing auth information without having to use HTTP Authorization header
[https://bugzilla.redhat.com/show_bug.cgi?id=958861]
More information about the Devel
mailing list