[Kimchi-devel] [RFC] Kimchi is logging out due to session timeout even when user is typing or using the webpage #133

Aline Manera alinefm at linux.vnet.ibm.com
Wed Jul 20 14:14:03 UTC 2016 


On 07/20/2016 10:50 AM, Aline Manera wrote:
>
>
> On 07/19/2016 07:26 PM, Paulo Ricardo Paz Vital wrote:
>> On Jul 19 09:55AM, Ramon Medeiros wrote:
>>> Proposal:
>>>
>>> Return the remaining time for the end of the session by REST API. 
>>> This will
>>> add a functionality in the UI, that will popup a warning asking if user
>>> wants to keep it logged.
>>>
>>> More information on issue: 
>>> https://github.com/kimchi-project/wok/issues/133
>>>
>>> Doubts:
>>> How i will return this on the header?
>> Not sure, but googling a little bit I found that HTTP Response Header
>> has a field called 'Expires':
>>
>> https://tools.ietf.org/html/rfc7234#section-5.3
>>
>> For more information about Response Header Fields:
>>
>> https://tools.ietf.org/html/rfc7231#section-7
>
> Look at render() function in src/wok/template.py
> Please, define the header name to do no block the UI development.
>
>>> Where timeout of authentication (session) is ?
>> 'session_timeout' is a variable present in Wok's configuration file
>> (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273).
>> You can get it's value in backend, just importing wok.config and reading
>> it's value:
>>
>> import wok.config as config
>> session_timeout = config.config.get("server", "session_timeout")
>
> No no!
>
> This session_timeout is the number of minutes that a session can 
> remain idle before the server terminates it automatically.
>
> That value needed by Ramon is related to the last access which 
> refreshed the session.
>
> Ramon,
> In that case, the information is hold by cherrypy.session
>
> cherrypy.session is a dict with the following data:
>
> [('username', u'guest'), ('robot-refresh', 1469022245.734541), 
> ('roles', {'templates': 'user', 'guests': 'user', 'network': 'user', 
> 'administration': 'user', 'storage': 'user', 'dashboard': 'user', 
> 'system services': 'user', 'updates': 'user'}), ('groups', ['guest'])]
>
> the 'robot-refresh' contains the timestamp from the last requested.
>
> You can check check_auth_session() in src/wok/auth.py to understand 
> how that value is set (time.time())
>
> Also, do not use 'robot-refresh' hardcoded in your code. Use the 
> constants defined in src/wok/auth.py
>
> So to get the amount of time the session will be alive you need to do:
>
> current_time = time.time()
> last_request = cherrypy.session[REFRESH]
> session_expires = last_request + (session_timeout * 60)
> still_alive = session_expires - current_time
>
> I hope it helps you.
>

 From what Peter requested at 
https://github.com/kimchi-project/wok/issues/133#issuecomment-232752799 
he wants to have the time the session ends.

So it would be cherrypy.session[REFRESH] + (session_timeout * 60)

Please, consider the right data format when doing that count.

Also to renew the session we can use the API /tasks

>>> -- 
>>>
>>> Ramon Nunes Medeiros
>>> Kimchi Developer
>>> Linux Technology Center Brazil
>>> IBM Systems & Technology Group
>>> Phone : +55 19 2132 7878
>>> ramonn at br.ibm.com
>>>
>>> _______________________________________________
>>> Kimchi-devel mailing list
>>> Kimchi-devel at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>>>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>

More information about the Kimchi-devel mailing list