Session handling #865
Merged
Session handling #865
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #865 +/- ##
=========================================
+ Coverage 7.57% 7.58% +0.01%
=========================================
Files 822 824 +2
Lines 26113 26236 +123
Branches 5834 5864 +30
=========================================
+ Hits 1978 1991 +13
- Misses 21756 21859 +103
- Partials 2379 2386 +7
Continue to review full report at Codecov.
|
|
Opening a dialog is a user action indicating that she is active. This should imho renew the session just like using the pagination and a filter change should. I don't know right now, though, how much of an effort implementing this would be and if it's ultimately worth it... |
|
@swaterkamp thanks for you opinion. It's not much more effort. I'll add another action creator function that renews the session and updates the session timestamp in the store. This action creator function has to be called in all open dialog methods afterwards. |
swaterkamp
previously approved these changes
Aug 10, 2018
Add user_get_session_timeout function to return the session timeout as a unix timestamp.
Don't renew the user session if user_find is called. This is currently the case for all http requests with required user authentication.
When calling user_find avoid comparing against NULL string.
Add a http post gmp cmd to renew the user sesssion.
The promise returned by gmp.user.renewSession() returns a moment date when the user session ends.
They aren't used in GSA so we should removed the params from the response. In future the params parameter should be removed too.
Using moment from our own module allows to use the imported translations.
Return the session timeout in every response containing an envelope.
Every post request should be triggerd by user interaction. Therefore the user session should be extended on such requests.
Add reducer, selector and action for putting the session timeout into the redux store.
We don't need to dispatch actions if the variables are not defined.
Initialize the sessionTimeout in the store after a successful login.
The SessionObserver component is responsibe to renew the use session if the user changes the location and to initalize the session timeout in the store for reloads.
The function calls the gmp api to renew the users session in the backend and updates the session timeout in the store on success.
Clarify the unit of the wait parameter.
Comparing the location object for identity isn't enough. The session should only be renewed if the current page has changed. This is the case if the pathname or the query parameters have changed.
There are still some interactions missing which should renew the session on specific list pages like opening the create and edit dialogs (or the task wizards).
This also removes the withUserName HOC from Titlebar.
This avoids clearing the store before the components are unmounted because gmp.logout will call all logout listeners which will clear the store in app.js.
Setting the autorefresh interval to zero should deactivate the timers.
Don't use componentWillMount anymore. This api is deprecated.
Don't handle renewing the session on successfull changing data. This will be done at the containers.
Ensure gmp.isLoggedIn return false before the location is changed.
Renew session if the entity or corresponding data (like references tags) have changed.
swaterkamp
approved these changes
Aug 10, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Renew user session only if:
Missing renews:
should the session be renewed in this case?Yes it should)Task dialogsthe pagination is used at the list pagesfilter is changed at the list pagesDashboard changesMissing features:
session timeout isn't updated in the redux store after POST requestsWeb code should always renew the session via api explicitly