search

softwaremill / akka-http-session

Web & mobile client-side akka-http sessions, with optional JWT support
https://softwaremill.com/open-source/
Apache License 2.0
440 stars 58 forks source link

issue refreshing token #72

Open colinbes opened 5 years ago

colinbes commented 5 years ago

I am using refreshable and cookie options for session handling.

OneOff option works as expected but I am unable to get the refreshable option to work.

Setting session max-age to less than refresh max-age results in session timing (as expected).

If using directive requiredSession and session expires I get the following exception thrown (appears to be thrown by processing of directive:

LB, 13:15:43.135UTC ERROR[TheSystem-akka.actor.default-dispatcher-9] ActorSystemImpl - Error during processing of request: 'java.lang.NullPointerException (No error message supplied)'. Completing with 500 Internal Server Error response. To change default exception handling behavior, provide a custom ExceptionHandler. 
java.lang.NullPointerException: null
    at scala.concurrent.impl.Promise$Transformation.<init>(Promise.scala:382)
    at scala.concurrent.impl.Promise$DefaultPromise.flatMap(Promise.scala:140)
    at com.softwaremill.session.RefreshTokenManager.sessionFromValue(SessionManager.scala:180)
    at com.softwaremill.session.RefreshTokenManager.sessionFromValue$(SessionManager.scala:177)

I see the same behavior if I use directive optionalSession.

My understanding is that the refreshing of token (if using cookie based continuity) is done behind the scenes with no required interaction - is this correct?

Am I missing something? I assume I must be doing something wrong as I would imagine this issue would have been reported.

colinbes commented 3 years ago

Updated and cleaned up thread.

colinbes commented 3 years ago

Any ideas/comments? Not having a refresh cookie option (not working for me) means I’ll have to switch to using header option.

colinbes commented 3 years ago

In effort to further debug I changed using optionalSession directive for session as I read somewhere it offer more debug logging - well, lo and behold, using session works - so not sure what's up with using optionalSession.

This fails with NullPointer exception when session token expires

myOptionalSession.flatMap {
        case Some(session) => {
        ....

while this works

     mySession.flatMap { session =>
        val sessionM: Option[TheSession] = session.toOption

        sessionM match {
          case Some(session) => {
         ...

where 

    val myOptionalSession: Directive1[Option[TheSession]] = optionalSession(refreshable, usingCookies)
    def mySession = session(refreshable, usingCookies)
colinbes commented 3 years ago

Sad to not be seeing responses, hopefully this project is still going to be supported.

adamw commented 3 years ago

Thanks for the report, it will take a bit unfortunately before we get some free time to try and debug the issue. One thing that does go faster, though, is if you'd have a PR :)

colinbes commented 3 years ago

I will keeps looking but I haven’t found source of error yet. I thought I’d post as I go along in case it triggers ideas. Time this side is also tight but want to help

Sent from my iPhone

On Jun 17, 2021, at 2:44 AM, Adam Warski @.***> wrote:

 Thanks for the report, it will take a bit unfortunately before we get some free time to try and debug the issue. One thing that does go faster, though, is if you'd have a PR :)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

adamw commented 3 years ago

Sure, documenting the discovery process is definitely a good idea :)