2:46 p.m.
----- Original Message -----
From: "Yaniv Kaul" <ykaul(a)redhat.com>
To: "Oved Ourfalli" <ovedo(a)redhat.com>
Cc: "engine-devel" <engine-devel(a)ovirt.org>, "Eoghan Glynn"
<eglynn(a)redhat.com>
Sent: Monday, April 16, 2012 2:03:26 PM
Subject: Re: [Engine-devel] REST session management
On 04/16/2012 11:44 AM, Oved Ourfalli wrote:
>
> ----- Original Message -----
>> From: "Geert Jansen"<gjansen(a)redhat.com>
>> To: "Miki Kenneth"<mkenneth(a)redhat.com>
>> Cc: "Oved Ourfalli"<ovedo(a)redhat.com>,
>> "engine-devel"<engine-devel(a)ovirt.org>, "Eoghan
>> Glynn"<eglynn(a)redhat.com>
>> Sent: Monday, April 16, 2012 11:34:26 AM
>> Subject: Re: [Engine-devel] REST session management
>>
>>
>> On 04/16/2012 10:04 AM, Miki Kenneth wrote:
>>
>>>> I Agree on that, although I'm not sure whether it is really
>>>> needed
>>>> to
>>>> release the session, rather then rely on timeout.
>>>> If we indeed need to provide a way to release the session then I
>>>> agree this is the best alternative. But if we don't then it will
>>>> make the API to the client more (but not very) complex in that
>>>> manner.
>> >
>>> I would go for both - release mechanism (for proper handling) and
>>> timeout mechanism for garbage collection.
>>> (refer to:
>>>
http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authent...)
>> Agreed we need both. I think that for security purposes, it is
>> important
>> to have a "log out" function. That way, client applications can
>> decide
>> depending on their local security requirements whether or not it
>> is
>> acceptable to leave a session open.
>>
> So (unless someone objects) let's go for option #2 (using the
> Prefer header on each and every request, and release the session
> once it is not there).
My only objection is that you implement a draft spec and implement a
header without even bothering to register it - or asking if there is
such an identical-purposed header with a different name which may get
registered / is already in use somewhere.
Y.
One of the reasons of posting to this mailing list is to try and get information
on alternatives.
I already looked for similar headers, but I'll take another look to see if others
exist.
Any idea where I can get an official answer for that?
Looked in http://www.iana.org/assignments/message-headers/perm-headers.html, but it was
hard to find a more suitable header there.
We can have a dedicated header of our own in that matter, but better being standard.
BTW, from what I read the acceptance process is in its final stages, but I'm not too
familiar with the process, so hard to say how much time will it take for it to be
complete.
>
> Thank you,
> Oved
>> Regards,
>> Geert
>>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
_______________________________________________
Engine-devel mailing list
Engine-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel