Vojtech Szocs has posted comments on this change. Change subject: webadmin: Adapt UI plugin infra REST session timeout ......................................................................
Patch Set 1: (1 comment) Alon, please see my inline comment. http://gerrit.ovirt.org/#/c/36737/1/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java File frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java: Line 120: // Engine session expiration happens through periodic "cleanExpiredUsersSessions" job Line 121: // whose periodicity is same as Engine session timeout (UserSessionTimeOutInterval). Line 122: // Because of that, Engine sessions can stay active up to 2 * UserSessionTimeOutInterval Line 123: // so we adapt REST API session timeout accordingly. Line 124: restApiSessionTimeout = 2 * engineSessionTimeout; > it is session timeout duration, not sure how it is related to engine sessio Yes, in above code, "restApiSessionTimeout" controls lifespan of REST HttpSession. Quoting Einav's comment at http://gerrit.ovirt.org/#/c/36622/ " consider the following scenario: UserSessionTimeOutInterval=2 * 12:00:00: engine expires expired sessions. * 12:00:01: user login to web-admin, web-admin http session (w1), rest-api http session (r1) are created, all pointing to a newly-created engine session (e1). there is no user interaction, the ui-plugins are not performing any rest-api requests. * 12:02:00: engine expires expired sessions. e1 is 1m59sec old, so it is not expired. w1 and r1 are still alive as well (their TTL is 2 minutes, just like UserSessionTimeOutInterval). * 12:02:01: r1 is expired. e1 is still alive (and will be until 12:04:00). * 12:02:02: user performs an action / ui-plugin makes a rest-api request -> a rest-api request is performed (either immediately, or sometime in the upcoming minute). r1 is expired, therefore rest-api request cannot be fulfilled -> browser displays a credentials-request-for-rest-api pop-up. " This patch is to ensure that UI plugin infra's REST HttpSession doesn't expire in worst case scenario, where Engine session is active up to 2 * of its defined timeout. Line 125: } Line 126: Line 127: /** Line 128: * Build HTTP request to keep-alive existing REST API session. -- To view, visit http://gerrit.ovirt.org/36737 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ifa95dba9b1f9647369bd817995c1cbd86f1e528f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Vojtech Szocs <vsz...@redhat.com> Gerrit-Reviewer: Alexander Wels <aw...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Einav Cohen <eco...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
