[Engine-devel] REST session management

Geert Jansen gjansen at redhat.com
Mon Apr 16 07:26:18 UTC 2012


Hi Oved,

+1 for this feature.

[[As a background to the others on the list, this feature is absolutely 
essential for certain types of ISV integration. Many ISVs need to mirror 
the RHEV inventory (i.e. all VMs, clusters, basically any object managed 
by RHEV) in realtime to their own database. The way they do this 
currently is by polling /api/events and look for changes. In order to be 
able to react to changes fast, they typically poll every 5 seconds. The 
query itself is very efficient, so it doesn't cause a whole lot of load 
on RHEV-M. But it floods the log with login/logout events. This 
persistent session feature is a solution for that.]]

Actually my vote would go for your variation #2:

    The client passes the "Prefer" header field on every request,
    besides the last one. When the server gets a request with a
    JSESSIONID, and without the "Prefer" header, it logs out the session.

It's mostly my gut feeling, but i would say it has these advantages:

1. It is more explicit, as on every request you confirm that you still 
want the authenticated session to be maintained.
2. It is also consistent with the default we have chosen of no 
persistent authentication.
3. It does not need a second header, so it is somewhat simpler.

Regards,
Geert

On 04/15/2012 01:06 PM, Oved Ourfalli wrote:
> Hey,
>
> The following wiki page describes a new feature - supporting session management via the REST API:
> http://www.ovirt.org/wiki/Features/RESTSessionManagement
>
> Please review and comment.
>
> Thank you,
> Oved

-- 
Geert Jansen
Sr. Product Marketing Manager, Red Hat Enterprise Virtualization

Red Hat S.r.L.           O: +39 095 916287
Via G. Fara 26           C: +39 348 1980079 (when in US: 415-623-0542)
Milan 20124, Italy       E: gjansen at redhat.com



More information about the Engine-devel mailing list