[Kimchi-devel] [RFC] Kimchi is logging out due to session timeout even when user is typing or using the webpage #133

Aline Manera alinefm at linux.vnet.ibm.com
Wed Jul 20 13:50:29 UTC 2016 


On 07/19/2016 07:26 PM, Paulo Ricardo Paz Vital wrote:
> On Jul 19 09:55AM, Ramon Medeiros wrote:
>> Proposal:
>>
>> Return the remaining time for the end of the session by REST API. This will
>> add a functionality in the UI, that will popup a warning asking if user
>> wants to keep it logged.
>>
>> More information on issue: https://github.com/kimchi-project/wok/issues/133
>>
>> Doubts:
>> How i will return this on the header?
> Not sure, but googling a little bit I found that HTTP Response Header
> has a field called 'Expires':
>
> https://tools.ietf.org/html/rfc7234#section-5.3
>
> For more information about Response Header Fields:
>
> https://tools.ietf.org/html/rfc7231#section-7

Look at render() function in src/wok/template.py
Please, define the header name to do no block the UI development.

>> Where timeout of authentication (session) is ?
> 'session_timeout' is a variable present in Wok's configuration file
> (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273).
> You can get it's value in backend, just importing wok.config and reading
> it's value:
>
> import wok.config as config
> session_timeout = config.config.get("server", "session_timeout")

No no!

This session_timeout is the number of minutes that a session can remain 
idle before the server terminates it automatically.

That value needed by Ramon is related to the last access which refreshed 
the session.

Ramon,
In that case, the information is hold by cherrypy.session

cherrypy.session is a dict with the following data:

[('username', u'guest'), ('robot-refresh', 1469022245.734541), ('roles', 
{'templates': 'user', 'guests': 'user', 'network': 'user', 
'administration': 'user', 'storage': 'user', 'dashboard': 'user', 
'system services': 'user', 'updates': 'user'}), ('groups', ['guest'])]

the 'robot-refresh' contains the timestamp from the last requested.

You can check check_auth_session() in src/wok/auth.py to understand how 
that value is set (time.time())

Also, do not use 'robot-refresh' hardcoded in your code. Use the 
constants defined in src/wok/auth.py

So to get the amount of time the session will be alive you need to do:

current_time = time.time()
last_request = cherrypy.session[REFRESH]
session_expires = last_request + (session_timeout * 60)
still_alive = session_expires - current_time

I hope it helps you.

>> -- 
>>
>> Ramon Nunes Medeiros
>> Kimchi Developer
>> Linux Technology Center Brazil
>> IBM Systems & Technology Group
>> Phone : +55 19 2132 7878
>> ramonn at br.ibm.com
>>
>> _______________________________________________
>> Kimchi-devel mailing list
>> Kimchi-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>>

More information about the Kimchi-devel mailing list