adding '/auth' for authentication

Hi Harshal,

On 08/02/2015 01:45 PM, Harshal Patil wrote:
> Hi,
>
> In the 'wok' branch there isn't anything to detect if the session has timed out on the browser side. On the other hand, on master (kimchi) there is a '/vms' endpoint called every 5 seconds which kinda takes care of making sure the user is indeed logged in. So I was wondering, if no one is already working on it, to introduce a '/auth' endpoint which we can poll every 5 seconds using ajax and based on the response status code we can either redirect to login page or just stay on the same page. This is useful in 'wok' because there isn't any '/vms' endpoint which existed in master (kimchi) by default. I can submit a patch for review if this sounds good so far. Also, if there is a better way of doing it, I would love to hear about it.
>
> Harshal

The 10-minute timeout is still working with wok branch. But it is only verified if you leave it in "Host" or "Guests" tab. Other tabs' APIs don't send "wok-robot" in headers.

Your proposal is good, you will need to send "wok-robot" in '/auth' headers, and remove the "wok-robot" from kimchi plugin's Host and Guests API headers.

--
Lucio Correia
Software Engineer
IBM LTC Brazil

On 05/08/2015 14:56, Lucio Correia wrote:
> The 10-minute timeout is still working with wok branch. But it is only verified if you leave it in "Host" or "Guests" tab. Other tabs' APIs don't send "wok-robot" in headers.
>
> Your proposal is good, you will need to send "wok-robot" in '/auth' headers, and remove the "wok-robot" from kimchi plugin's Host and Guests API headers.

Why do you need an API /auth to check the user is logged in? Shouldn't the "wok-robot" header be enough to do that? Otherwise, we will increase significantly the number of requests, as the real request would be sent after a /auth request.

On 08/05/2015 04:27 PM, Aline Manera wrote:
> Why do you need an API /auth to check the user is logged in? Shouldn't the "wok-robot" header be enough to do that? Otherwise, we will increase significantly the number of requests, as the real request would be sent after a /auth request.

Good point Aline, we really don't need /auth. If we want timeout checked for every request, I see two alternatives:

* drop wok-robot verification from check_auth_session() in src/wok/auth.py.
* add wok-robot headers to requestJSON() in wok.api.js.

But I don't know why currently only hosts and guests tab use wok-robot.

--
Lucio Correia
Software Engineer
IBM LTC Brazil

On 05/08/2015 18:02, Lucio Correia wrote:
> Good point Aline, we really don't need /auth. If we want timeout checked for every request, I see two alternatives:
>
> * drop wok-robot verification from check_auth_session() in src/wok/auth.py.
> * add wok-robot headers to requestJSON() in wok.api.js.

I prefer the second alternative. The 'wok-robot' header was created to distinguish AJAX requests from user requests.

> But I don't know why currently only hosts and guests tab use wok-robot.

Because only those tabs have logic to poll the request every X seconds. In fact, we need to add this to every tab to keep consistency and automatically log out the user when session expires.
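
A simplified model of the behaviour discussed in this thread, added here as an example (it is not wok's or kimchi's code): background polls carrying the marker are checked against the idle timeout but never count as activity, while unmarked requests refresh the timer. The function body, the session layout and the use of `wok-robot` as a header name are assumptions; only the names `check_auth_session` and `wok-robot`, the 10-minute timeout and the 5-second poll come from the thread.

```python
IDLE_TIMEOUT = 600          # seconds; the 10-minute timeout from the thread
POLL_INTERVAL = 5           # seconds; the polling period from the thread
ROBOT_HEADER = "wok-robot"  # assumed header name; the thread only gives the marker


class SessionExpired(Exception):
    """A server would answer 401 here and the UI would go to the login page."""


def check_auth_session(session, headers, now):
    """Hypothetical model of the check, not the code in src/wok/auth.py.

    Robot (background polling) requests are tested against the idle timeout
    and never count as activity; any other request refreshes the timer.
    """
    is_robot = any(name.lower() == ROBOT_HEADER for name in headers)
    if is_robot:
        if now - session["last_activity"] > IDLE_TIMEOUT:
            session["authenticated"] = False
            raise SessionExpired("idle for more than %d s" % IDLE_TIMEOUT)
    else:
        session["last_activity"] = now


def seconds_until_logout(mark_polls, horizon=3600):
    """Simulate one user request at t=0 followed only by background polling.

    Returns the time of the first rejected poll, or None if the session is
    still alive at `horizon` seconds.
    """
    session = {"authenticated": True, "last_activity": 0}
    headers = {ROBOT_HEADER: "1"} if mark_polls else {}  # constructed value
    check_auth_session(session, {}, now=0)  # the user's last real request
    for t in range(POLL_INTERVAL, horizon + 1, POLL_INTERVAL):
        try:
            check_auth_session(session, headers, now=t)
        except SessionExpired:
            return t
    return None


if __name__ == "__main__":
    print("polls marked as robot ->", seconds_until_logout(True))
    print("polls sent unmarked   ->", seconds_until_logout(False))
```

In this model, a poll sent without the marker resets the idle timer every 5 seconds, so an unattended browser tab would never be logged out.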
participants (3): Aline Manera, Harshal Patil, Lucio Correia