Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to set session timeout ? #1713

Closed
RuneHanssens opened this issue Mar 10, 2020 · 3 comments
Closed

How to set session timeout ? #1713

RuneHanssens opened this issue Mar 10, 2020 · 3 comments
Assignees
@cy6erGn0m
Labels
question

Comments

@RuneHanssens
Copy link

How can I set a timeout on my session? I'm using sessions in combination with headers as said in the document (better for api/xhr). But I can't seem to find anything on how to expire my session after some time.
My session class looks like:

class Session(val name: String, val role: Role) : Principal
install(Sessions) {
        header<Session>("SESSION", SessionStorageMemory()
}

session<Session>{
    challenge {
        call.respond(HttpStatusCode.Unauthorized)
    }
    validate { session ->
       session
    }
}
@cy6erGn0m
Copy link
Contributor

Currenly, only two ad-hoc options: save timestamp into session ids or specify cookie expiration (applicable only with cookie session transport)

@e5l e5l added the question label Jun 4, 2020
@e5l
Copy link
Member

e5l commented Jun 4, 2020

I filed a separate issue for the feature request: #1925.

@e5l e5l closed this as completed Jun 4, 2020
@jonpeterson
Copy link

FWIW, I was able to work around this by defining my own SessionTracker.

class MySessionTracker : SessionTracker<MySession> {
    override suspend fun load(call: ApplicationCall, transport: String?): MySession? {
        // your session loading logic here
        // can check for expiration and return null if expired
        // return the session if valid
    }

    override suspend fun store(call: ApplicationCall, value: MySession): String {
        // your session storing logic here
        // return the session ID
    }

    override suspend fun clear(call: ApplicationCall) {
        // your session invalidation logic here
    }

    override fun validate(value: MySession) {
        // any other validation to perform when being set
    }
}

Unfortunately the builder functions on the Sessions feature don't allow for specifying your own SessionTracker, so you have to do something like this:

install(Sessions) {
    register(
        provider = SessionProvider(
            name = "cookie",
            type = MySession::class,
            transport = SessionTransportCookie(
                name = "myAuthCookieName",
                configuration = CookieConfiguration().apply {
                    path = "/"
                    secure = true
                    extensions["SameSite"] = "Lax"
                },
                transformers = emptyList()
            ),
            tracker = MySessionTracker()
        )
    )
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cy6erGn0m cy6erGn0m

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cy6erGn0m @e5l @jonpeterson @RuneHanssens