On 05/08/2015 18:02, Lucio Correia wrote:
On 08/05/2015 04:27 PM, Aline Manera wrote:
>
>
> On 05/08/2015 14:56, Lucio Correia wrote:
>> Hi Harshal,
>>
>> On 08/02/2015 01:45 PM, Harshal Patil wrote:
>>> Hi,
>>> In the 'wok' branch there isn't anything to detect if the session has
>>> timed out on the browser side. On the other hand, on master (kimchi)
>>> there is '/vms' endpoint called every 5 seconds which kinda takes care
>>> of making sure the user is indeed logged in.
>>> So I was wondering, if no one is already working on it, to introduce a
>>> '/auth' endpoint which we can poll every 5 seconds using ajax and based
>>> on the response status code we can either redirect to login page or just
>>> stay on the same page. This is useful in 'wok' because there isn't any
>>> '/vms' endpoint which existed in master (kimchi) by default.
>>> I can submit a patch for review if this sounds good so far. Also, if
>>> there is a better way of doing it, I would love to hear about it.
>>> Harshal
>>>
>>>
>>
>> The 10-minutes time out is still working with wok branch. But it is
>> only verified if you leave it in "Host" or "Guests" tab. Other tabs'
>> APIs don't send "wok-robot" in headers.
>>
>> Your proposal is good, you will need to send "wok-robot" in '/auth'
>> headers, and remove the "wok-robot" from kimchi plugin's Host and
>> Guests API headers.
>
> Why do you need an API /auth to check the user is logged? Shouldn't the
> "wok-robot" header be enough to do that?
> Otherwise, we will increase significantly the number of requests, as
> the real request would be sent after a /auth request.
>
Good point Aline, we really don't need /auth. If we want timeout
checked for every request, I see two alternatives:
* drop wok-robot verification from check_auth_session() in
src/wok/auth.py.
* add wok-robot headers to requestJSON() in wok.api.js.
I prefer the second alternative. The 'wok-robot' header was created to
distinguish AJAX requests from user requests.
But I don't know why currently only hosts and guests tab use wok-robot.
Because only those tabs have logic to poll the request every X seconds.
In fact, we need to add this to every tab to keep consistency and
automatically log out the user when the session expires.
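
The idle-timeout behaviour discussed in this thread, as an added sketch that is not part of the original messages and is not wok's own code. It assumes that requests without the "wok-robot" marker refresh the session's last-activity time, that marked requests only check it, and that the header is named `Wok-Robot`; all function and field names are hypothetical.

```python
TIMEOUT_SECONDS = 10 * 60      # the 10-minute timeout mentioned in the thread
ROBOT_HEADER = "Wok-Robot"     # assumed header name; the thread only gives the value
ROBOT_VALUE = "wok-robot"


class SessionExpired(Exception):
    """Stands in for the HTTP 401 a server would return on idle timeout."""


def check_session(session, headers, now):
    """Return True if the request is authenticated, False if there is no session.

    session: dict with 'user' and 'refresh' (time of the last user-driven request).
    Raises SessionExpired when a polling request finds the session idle too long.
    """
    if session.get("user") is None:
        return False
    if headers.get(ROBOT_HEADER) == ROBOT_VALUE:
        # Background poll: verifies the timeout but never extends the session,
        # otherwise a 5-second poll would keep an abandoned browser logged in.
        if now - session["refresh"] > TIMEOUT_SECONDS:
            session["user"] = None
            raise SessionExpired("sessionTimeout")
    else:
        # Unmarked request: treated as user activity, resets the idle clock.
        session["refresh"] = now
    return True


def simulate(requests, start=0):
    """Replay constructed (offset_seconds, headers) pairs against one session."""
    session = {"user": "admin", "refresh": start}
    outcomes = []
    for offset, headers in requests:
        try:
            ok = check_session(session, headers, start + offset)
            outcomes.append("ok" if ok else "unauthenticated")
        except SessionExpired:
            outcomes.append("expired")
    return outcomes


ROBOT = {ROBOT_HEADER: ROBOT_VALUE}
# Tab whose polls carry the marker: the session expires once idle past the limit.
marked_tab = simulate([(300, ROBOT), (601, ROBOT)])
# Tab whose polls are unmarked: every poll counts as activity, so it never expires.
unmarked_tab = simulate([(300, {}), (601, {}), (1200, {})])
```

Under these assumptions the timeout is enforced only where polling requests carry the marker, which matches the observation above that it is verified only on the Host and Guests tabs.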