Closed Bug 1019504 Opened 11 years ago Closed 11 years ago

Loop server should update session expires for anonymous clients

Categories

(Hello (Loop) :: Server, defect)

Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: standard8, Assigned: alexis+bugs)

Details

(Whiteboard: [qa?])

Attachments

(1 file)

55 bytes, text/x-github-pull-request
rhubscher: review+

Currently the hawk session tokens for anonymous clients will expire 30 days (or the configured value) after the client first generates a push url, regardless of re-connections or new urls being generated. As the ability to receive calls from urls is keyed to the token, this could cause the case where a user generates a url, but it only is valid for an hour, when it should be valid for 30 more days. Really the session token should have its expiry refreshed at least every time a call url is generated, to ensure the token expiry is later than the call url expiry.
Alexis -- Are you the dev working on this?
Assignee: nobody → alexis+bugs
Attached file link to github PR
Attachment #8433303 - Flags: review?(rhubscher)
Whiteboard: [qa?]
This fixes one part of it.

https://github.com/mozilla-services/loop-server/commit/c03efe509ffcbfe61079c7dbb713eea6eb4c139b

This touches the session each time you authenticate (not only on registration and call-url generation). I also need to update the configuration so that the hawk session duration is longer than the max duration of a call url.

Rémy pointed out it also increases the load on the redis cluster, since it does one more call there each time we authenticate. I believe we'll see with load testing if that's a problem or not.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Attachment #8433303 - Flags: review?(rhubscher) → review+
Verified in the code.
Status: RESOLVED → VERIFIED
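
Added example, not loop-server's own code: a small JavaScript model of the behaviour discussed in this bug, with an in-memory map standing in for Redis. `SessionStore`, `validateConfig`, `callReachable` and the durations are hypothetical names and constructed values; it shows a call URL generated late in a session's life outliving the session unless the expiry is refreshed on authentication.

```javascript
// Added example: in-memory stand-in for the Redis-backed Hawk session store.
// SessionStore, validateConfig and all durations are hypothetical/constructed.
const HOUR = 3600, DAY = 24 * HOUR;

class SessionStore {
  constructor({ sessionDuration, touchOnAuth, now }) {
    this.sessionDuration = sessionDuration; // seconds
    this.touchOnAuth = touchOnAuth;         // true = behaviour after the fix
    this.now = now;                         // injected clock (seconds)
    this.expiresAt = new Map();             // tokenId -> absolute expiry
  }
  create(tokenId) {
    this.expiresAt.set(tokenId, this.now() + this.sessionDuration);
  }
  isAlive(tokenId) {
    const expiry = this.expiresAt.get(tokenId);
    return expiry !== undefined && expiry > this.now();
  }
  // Called on every authenticated request; refreshes the TTL when enabled.
  authenticate(tokenId) {
    if (!this.isAlive(tokenId)) return false;
    // This write is the extra store round trip per request noted in the thread.
    if (this.touchOnAuth) this.create(tokenId);
    return true;
  }
}

// The session must outlive the longest call URL it can issue.
function validateConfig({ sessionDuration, callUrlMaxDuration }) {
  if (sessionDuration <= callUrlMaxDuration) {
    throw new Error('session duration must exceed call URL max duration');
  }
}

// Client registers at t=0, generates a call URL one hour before the original
// session expiry, and a caller uses that URL one day later.
function callReachable(touchOnAuth) {
  let t = 0;
  const store = new SessionStore({ sessionDuration: 30 * DAY, touchOnAuth, now: () => t });
  store.create('anon-1');
  t = 30 * DAY - HOUR;
  if (!store.authenticate('anon-1')) return false; // URL generation request
  t += DAY;
  return store.isAlive('anon-1'); // can the callee still be reached?
}

console.log({ beforeFix: callReachable(false), afterFix: callReachable(true) });
```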