Open GlennRicaud opened 7 years ago
Set session timeout to 36hours for now (No sensitive info and the typical period of use is once every day).
Will implement this in next version. I set it back to backlog
Is this timeout set in XP or officeLeague? Ideally we should re-auth users automatically if possible instead?
On 30 May 2017, at 13:50, Glenn Ricaud notifications@github.com wrote:
Set session timeout to 36hours for now (No sensitive info and the typical period of use is once every day).
Will implement this in next version. I set it back to backlog
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/enonic/app-office-league/issues/239#issuecomment-304854615, or mute the thread https://github.com/notifications/unsubscribe-auth/AAdbtHrdkH7_WMtpry3EdwePYIYWDydvks5r_AKNgaJpZM4NlBig.
Basically there are two cases that return exceptions
1 - So we could adapt GraphQL lib and try to handle these exceptions. But it might take time and handling different cases of errors in difference context (diff 401/403 for example) might be complex. 2 - Or we can try to implement something similar to Enonic Admin LostConnectionDetector (A request sent every 15s and redirect to login if it is a session expiration (connection available, defined as logged in in cache, but result saying that the user is not authenticated). The risk here is to have this in the middle of a game. 3 - We could check the session only on actions that require modifications. But it is not very generic and we will forget some cases for sure.
=> Will try to implement solution 2 with following algo