[RFC] Kimchi is logging out due to session timeout even when user is typing or using the webpage #133
Proposal: Return the remaining time for the end of the session by REST API. This will add a functionality in the UI, that will popup a warning asking if user wants to keep it logged. More information on issue: https://github.com/kimchi-project/wok/issues/133 Doubts: How i will return this on the header? Where timeout of authentication (session) is ? -- Ramon Nunes Medeiros Kimchi Developer Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com
On Jul 19 09:55AM, Ramon Medeiros wrote:
Proposal:
Return the remaining time for the end of the session by REST API. This will add a functionality in the UI, that will popup a warning asking if user wants to keep it logged.
More information on issue: https://github.com/kimchi-project/wok/issues/133
Doubts: How i will return this on the header?
Not sure, but googling a little bit I found that HTTP Response Header has a field called 'Expires': https://tools.ietf.org/html/rfc7234#section-5.3 For more information about Response Header Fields: https://tools.ietf.org/html/rfc7231#section-7
Where timeout of authentication (session) is ?
'session_timeout' is a variable present in Wok's configuration file (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273). You can get it's value in backend, just importing wok.config and reading it's value: import wok.config as config session_timeout = config.config.get("server", "session_timeout")
--
Ramon Nunes Medeiros Kimchi Developer Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Paulo Ricardo Paz Vital Linux Technology Center, IBM Systems http://www.ibm.com/linux/ltc/
On 07/19/2016 07:26 PM, Paulo Ricardo Paz Vital wrote:
On Jul 19 09:55AM, Ramon Medeiros wrote:
Proposal:
Return the remaining time for the end of the session by REST API. This will add a functionality in the UI, that will popup a warning asking if user wants to keep it logged.
More information on issue: https://github.com/kimchi-project/wok/issues/133
Doubts: How i will return this on the header? Not sure, but googling a little bit I found that HTTP Response Header has a field called 'Expires':
https://tools.ietf.org/html/rfc7234#section-5.3
For more information about Response Header Fields:
Look at render() function in src/wok/template.py Please, define the header name to do no block the UI development.
Where timeout of authentication (session) is ? 'session_timeout' is a variable present in Wok's configuration file (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273). You can get it's value in backend, just importing wok.config and reading it's value:
import wok.config as config session_timeout = config.config.get("server", "session_timeout")
No no! This session_timeout is the number of minutes that a session can remain idle before the server terminates it automatically. That value needed by Ramon is related to the last access which refreshed the session. Ramon, In that case, the information is hold by cherrypy.session cherrypy.session is a dict with the following data: [('username', u'guest'), ('robot-refresh', 1469022245.734541), ('roles', {'templates': 'user', 'guests': 'user', 'network': 'user', 'administration': 'user', 'storage': 'user', 'dashboard': 'user', 'system services': 'user', 'updates': 'user'}), ('groups', ['guest'])] the 'robot-refresh' contains the timestamp from the last requested. You can check check_auth_session() in src/wok/auth.py to understand how that value is set (time.time()) Also, do not use 'robot-refresh' hardcoded in your code. Use the constants defined in src/wok/auth.py So to get the amount of time the session will be alive you need to do: current_time = time.time() last_request = cherrypy.session[REFRESH] session_expires = last_request + (session_timeout * 60) still_alive = session_expires - current_time I hope it helps you.
--
Ramon Nunes Medeiros Kimchi Developer Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/20/2016 10:50 AM, Aline Manera wrote:
On 07/19/2016 07:26 PM, Paulo Ricardo Paz Vital wrote:
On Jul 19 09:55AM, Ramon Medeiros wrote:
Proposal:
Return the remaining time for the end of the session by REST API. This will add a functionality in the UI, that will popup a warning asking if user wants to keep it logged.
More information on issue: https://github.com/kimchi-project/wok/issues/133
Doubts: How i will return this on the header? Not sure, but googling a little bit I found that HTTP Response Header has a field called 'Expires':
https://tools.ietf.org/html/rfc7234#section-5.3
For more information about Response Header Fields:
Look at render() function in src/wok/template.py Please, define the header name to do no block the UI development.
Where timeout of authentication (session) is ? 'session_timeout' is a variable present in Wok's configuration file (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273). You can get it's value in backend, just importing wok.config and reading it's value:
import wok.config as config session_timeout = config.config.get("server", "session_timeout")
No no!
This session_timeout is the number of minutes that a session can remain idle before the server terminates it automatically.
That value needed by Ramon is related to the last access which refreshed the session.
Ramon, In that case, the information is hold by cherrypy.session
cherrypy.session is a dict with the following data:
[('username', u'guest'), ('robot-refresh', 1469022245.734541), ('roles', {'templates': 'user', 'guests': 'user', 'network': 'user', 'administration': 'user', 'storage': 'user', 'dashboard': 'user', 'system services': 'user', 'updates': 'user'}), ('groups', ['guest'])]
the 'robot-refresh' contains the timestamp from the last requested.
You can check check_auth_session() in src/wok/auth.py to understand how that value is set (time.time())
Also, do not use 'robot-refresh' hardcoded in your code. Use the constants defined in src/wok/auth.py
So to get the amount of time the session will be alive you need to do:
current_time = time.time() last_request = cherrypy.session[REFRESH] session_expires = last_request + (session_timeout * 60) still_alive = session_expires - current_time
I hope it helps you.
From what Peter requested at https://github.com/kimchi-project/wok/issues/133#issuecomment-232752799 he wants to have the time the session ends. So it would be cherrypy.session[REFRESH] + (session_timeout * 60) Please, consider the right data format when doing that count. Also to renew the session we can use the API /tasks
--
Ramon Nunes Medeiros Kimchi Developer Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Maybe it was a little confused. I guess it would be better to have the remaining time in seconds in the header parameter. If we have the time the session ends, front end will have to compare it with the local time of user's machine. This local time can not be correct. Whether I have the remaining time, I don't need to comparate it with the local time. Any suggestions, let me know Tks Peter 2016-07-20 11:14 GMT-03:00 Aline Manera <alinefm@linux.vnet.ibm.com>:
On 07/20/2016 10:50 AM, Aline Manera wrote:
On 07/19/2016 07:26 PM, Paulo Ricardo Paz Vital wrote:
On Jul 19 09:55AM, Ramon Medeiros wrote:
Proposal:
Return the remaining time for the end of the session by REST API. This will add a functionality in the UI, that will popup a warning asking if user wants to keep it logged.
More information on issue: https://github.com/kimchi-project/wok/issues/133
Doubts: How i will return this on the header?
Not sure, but googling a little bit I found that HTTP Response Header has a field called 'Expires':
https://tools.ietf.org/html/rfc7234#section-5.3
For more information about Response Header Fields:
Look at render() function in src/wok/template.py Please, define the header name to do no block the UI development.
Where timeout of authentication (session) is ?
'session_timeout' is a variable present in Wok's configuration file (src/wok.conf.in line 27) and set in src/wok/config.py.in (line 273). You can get it's value in backend, just importing wok.config and reading it's value:
import wok.config as config session_timeout = config.config.get("server", "session_timeout")
No no!
This session_timeout is the number of minutes that a session can remain idle before the server terminates it automatically.
That value needed by Ramon is related to the last access which refreshed the session.
Ramon, In that case, the information is hold by cherrypy.session
cherrypy.session is a dict with the following data:
[('username', u'guest'), ('robot-refresh', 1469022245.734541), ('roles', {'templates': 'user', 'guests': 'user', 'network': 'user', 'administration': 'user', 'storage': 'user', 'dashboard': 'user', 'system services': 'user', 'updates': 'user'}), ('groups', ['guest'])]
the 'robot-refresh' contains the timestamp from the last requested.
You can check check_auth_session() in src/wok/auth.py to understand how that value is set (time.time())
Also, do not use 'robot-refresh' hardcoded in your code. Use the constants defined in src/wok/auth.py
So to get the amount of time the session will be alive you need to do:
current_time = time.time() last_request = cherrypy.session[REFRESH] session_expires = last_request + (session_timeout * 60) still_alive = session_expires - current_time
I hope it helps you.
From what Peter requested at https://github.com/kimchi-project/wok/issues/133#issuecomment-232752799 he wants to have the time the session ends.
So it would be cherrypy.session[REFRESH] + (session_timeout * 60)
Please, consider the right data format when doing that count.
Also to renew the session we can use the API /tasks
--
Ramon Nunes Medeiros Kimchi Developer Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
participants (4)
-
Aline Manera -
Paulo Ricardo Paz Vital -
Peter Pennings -
Ramon Medeiros