[Engine-devel] REST session management

Yaniv Kaul ykaul at redhat.com
Mon Apr 16 11:03:26 UTC 2012


On 04/16/2012 11:44 AM, Oved Ourfalli wrote:
>
> ----- Original Message -----
>> From: "Geert Jansen"<gjansen at redhat.com>
>> To: "Miki Kenneth"<mkenneth at redhat.com>
>> Cc: "Oved Ourfalli"<ovedo at redhat.com>, "engine-devel"<engine-devel at ovirt.org>, "Eoghan Glynn"<eglynn at redhat.com>
>> Sent: Monday, April 16, 2012 11:34:26 AM
>> Subject: Re: [Engine-devel] REST session management
>>
>>
>> On 04/16/2012 10:04 AM, Miki Kenneth wrote:
>>
>>>> I Agree on that, although I'm not sure whether it is really needed
>>>> to
>>>> release the session, rather then rely on timeout.
>>>> If we indeed need to provide a way to release the session then I
>>>> agree this is the best alternative. But if we don't then it will
>>>> make the API to the client more (but not very) complex in that
>>>> manner.
>>   >
>>> I would go for both - release mechanism (for proper handling) and
>>> timeout mechanism for garbage collection.
>>> (refer to:
>>> http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authentication)
>> Agreed we need both. I think that for security purposes, it is
>> important
>> to have a "log out" function. That way, client applications can
>> decide
>> depending on their local security requirements whether or not it is
>> acceptable to leave a session open.
>>
> So (unless someone objects) let's go for option #2 (using the Prefer header on each and every request, and release the session once it is not there).

My only objection is that you implement a draft spec and implement a 
header without even bothering to register it - or asking if there is 
such an identical-purposed header with a different name which may get 
registered / is already in use somewhere.
Y.

>
> Thank you,
> Oved
>> Regards,
>> Geert
>>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel




More information about the Engine-devel mailing list