Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/10/02 14:47:48 UTC

[GitHub] rnewson commented on issue #1619: Implement replicator forced session refresh

rnewson commented on issue #1619: Implement replicator forced session refresh
URL: https://github.com/apache/couchdb/pull/1619#issuecomment-426302320
 
 
   I'm +0 on this. It doesn't properly fix the problem we introduced when we taught the replicator to acquire session cookies if the user has changed the session timeout parameter.
   
   A better fix is for expired cookies to return a 401 rather than silently fall back to the next auth handler. Since that is a profoundly backward incompatible change it would need to be opt-in.
   
   The replicator would do `POST /_session?hard_expire=true` to acquire a session cookie.
   
   The server, when presented with an expired cookie returned by that method, will throw an unauthorized error, which in turn forces the replicator to acquire a fresh one.
   
   This should be done in addition to a periodic refresh ahead of the expiration to avoid stalling replication progress during the refresh.
   
   I also note that the session cookie response header tells us exactly when it expires, and this value, not a hardcoded 550, should be used to determine when to pre-emptively refresh.
   

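The refresh timing discussed in the comment above, as an added example that is not part of the original message and is not CouchDB's replicator code (which is Erlang): it derives the pre-emptive refresh time from the `Set-Cookie` attributes instead of a fixed constant, and treats a 401 as the signal to re-authenticate at once. The function names, the 0.9 fraction and the sample header are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def cookie_expiry(set_cookie, received_at, name="AuthSession"):
    """Expiry instant of the named cookie, or None if the header gives no lifetime."""
    parts = [p.strip() for p in set_cookie.split(";")]
    if parts[0].partition("=")[0] != name:
        return None
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # Max-Age wins over Expires when both are present (RFC 6265, section 5.3).
    if "max-age" in attrs:
        try:
            return received_at + timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # malformed Max-Age: fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        return expires if expires.tzinfo else expires.replace(tzinfo=timezone.utc)
    return None  # session cookie with no stated lifetime: caller needs a fallback

def refresh_at(expiry, received_at, fraction=0.9):
    """Instant at which to renew: after `fraction` of the lifetime has elapsed."""
    return received_at + (expiry - received_at) * fraction

def next_action(now, refresh_time, last_status):
    """Decide what the client does before its next request."""
    if last_status == 401:
        return "reauthenticate"  # server rejected the cookie: get a new one now
    if refresh_time is not None and now >= refresh_time:
        return "refresh"         # renew ahead of expiry so replication never stalls
    return "continue"

# Constructed sample header and timestamp, not captured from a real server.
SAMPLE = ("AuthSession=Y29uc3RydWN0ZWQ; Version=1; "
          "Expires=Tue, 02 Oct 2018 14:57:48 GMT; Max-Age=600; Path=/; HttpOnly")
T0 = datetime(2018, 10, 2, 14, 47, 48, tzinfo=timezone.utc)

if __name__ == "__main__":
    expiry = cookie_expiry(SAMPLE, T0)
    print(expiry, refresh_at(expiry, T0))
```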