search

alphagov / govuk-prototype-kit

Rapidly create HTML prototypes of GOV.UK services
https://prototype-kit.service.gov.uk
MIT License
303 stars 236 forks source link

Request for manifest creates many sessions #2400

Open joelanman opened 6 months ago

joelanman commented 6 months ago

Description of the issue

As discovered here, a new session is created for every request to the manifest. This creates many unneeded files

Steps to reproduce the issue

In the browser, go to a page in the prototype Each time this happens a new session file appears in .tmp/sessions

Actual vs expected behaviour

Only one session should be created per client

Environment (where applicable)

Workaround

To workaround, add this line to your layouts file (for example app/views/layouts/main.html)

{% block headIcons %}{% endblock %}
36degrees commented 6 months ago

Thanks @joelanman – raising this was on my list of things to do this morning so now I can tick that off! 😝

ed6767 commented 4 months ago

+1

We had extensive load times and thousands of requests on our prototype service that's only availible to authenticated users, so a maximum of 3-4 users at a time image image

We were able to resolve by adding {% block headIcons %}{% endblock %} to app/views/layouts/main.html

oscarduignan commented 4 months ago

this happens because requests for manifests are done without any cookies, but the handler in the prototype kit serving the manifest file still checks that the request is authenticated, and when it isn't (because browsers don't send cookies) it redirects that request to the login page - which creates a new session - and won't occur locally since auth isn't turned on

oscarduignan commented 4 months ago

guess the manifest file should be added to https://github.com/alphagov/govuk-prototype-kit/blob/c0e707982e3e08dc5b43b7467196145fb96a29ba/lib/authentication.js#L9