Office League - Handling of timeout session (401 GraphQL requests)

Open GlennRicaud opened this issue 7 years ago • 2 comments

Basically there are two cases that return exceptions

  • NodeAccessException
    • GraphQLLib should return the cause of exceptions recursively
  • Custom exceptions:
    • GraphQLLib should return the cause of exceptions recursively
    • A method should be available in GraphQL lib to create an exception object (basically call __.toScriptValue). That would allow us to pass a message and an error code 401/403
    • The ExecutionResultMapper should handle custom exceptions

1 - So we could adapt GraphQL lib and try to handle these exceptions. But it might take time, and handling different cases of errors in different contexts (diff 401/403 for example) might be complex.

2 - Or we can try to implement something similar to Enonic Admin LostConnectionDetector (a request sent every 15s and a redirect to login if it is a session expiration: connection available, defined as logged in in cache, but result saying that the user is not authenticated). The risk here is to have this in the middle of a game.

3 - We could check the session only on actions that require modifications. But it is not very generic and we will forget some cases for sure.

=> Will try to implement solution 2 with the following algo:

  • If isLoggedIn, start following loop
    • If connection && not in game recording mode
      • Send request
        • If successful request and not authenticated
          • Redirect to login page

GlennRicaud, May 24 '17 12:05
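
The polling loop outlined in the comment above, sketched as an added example; it is not part of the original issue or of the app-office-league code. All function names and the injected `getState`, `probe` and `redirectToLogin` callbacks are hypothetical, and `probe` is assumed to resolve to `{ ok, authenticated }`.

```javascript
// Added example. All names here are hypothetical, not from app-office-league.
const INTERVAL_MS = 15000; // "a request sent every 15s" in the issue

// Step 1: only probe when the client believes it is logged in, the browser
// is online, and no game is being recorded.
function shouldProbe(state) {
  return Boolean(state.loggedIn && state.online && !state.recordingGame);
}

// Step 2: redirect only on a successful response that says "not authenticated".
// A failed request (timeout, 5xx, offline) is not evidence of session expiry.
function isSessionExpired(probeResult) {
  return Boolean(probeResult && probeResult.ok && probeResult.authenticated === false);
}

// One iteration of the loop. deps.getState, deps.probe and deps.redirectToLogin
// are injected so the logic can be exercised without a browser or a server.
async function checkOnce(deps) {
  if (!shouldProbe(deps.getState())) return 'skipped';
  let result;
  try {
    result = await deps.probe(); // assumed to resolve to { ok, authenticated }
  } catch (err) {
    return 'probe-failed';
  }
  // Re-read state: a game may have started while the request was in flight.
  if (!shouldProbe(deps.getState())) return 'skipped';
  if (!isSessionExpired(result)) return 'ok';
  deps.redirectToLogin(); // should target a fixed same-origin login path
  return 'redirected';
}

// Starts the loop; returns a function that stops it. Overlapping checks are
// suppressed so a slow response cannot trigger two redirects.
function startSessionWatch(deps, intervalMs = INTERVAL_MS) {
  let busy = false;
  const timer = setInterval(async () => {
    if (busy) return;
    busy = true;
    try { await checkOnce(deps); } finally { busy = false; }
  }, intervalMs);
  return () => clearInterval(timer);
}
```
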

Set session timeout to 36 hours for now (No sensitive info and the typical period of use is once every day).

Will implement this in next version. I set it back to backlog

GlennRicaud, May 30 '17 11:05

Is this timeout set in XP or officeLeague? Ideally we should re-auth users automatically if possible instead?

sigdestad, May 30 '17 14:05