Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS.Session.Set_Lifetime should not be called by users #151

Open
briot opened this issue May 6, 2020 · 3 comments
Open

AWS.Session.Set_Lifetime should not be called by users #151

briot opened this issue May 6, 2020 · 3 comments
Assignees
@TurboGit

Comments

@briot
Copy link
Contributor

briot commented May 6, 2020

A suggestion for documentation improvement. This cost me quite a while investigating why my users were logged out after 10min, despite me setting the lifetime to 1 day.

   procedure Set_Lifetime (Seconds : Duration);
   --  Set the lifetime for session data. At the point a session is deleted,
   --  reusing the session ID makes AWS.Status.Session_Timed_Out return True.
   --
   --  This subprogram should not be called directly by users. Instead, use
   --  AWS.Config.Set.Session_Lifetime. This is because starting the server will
   --  override any value previously set via Set_Lifetime, with the value set in the
   --  config.

Perhaps better would be to make this subprogram private, or even only in the body (I think it would work, but did not check in full details)
@TurboGit
Copy link
Collaborator

I'm confused by this. How can it be overwritten by any .ini file loaded since AWS loads the .ini at elaboration time, so before a user can call Set_Lifetime. I'm wondering if there is not something else that broke in your case!

@TurboGit TurboGit self-assigned this Jul 14, 2020
@anisimkov
Copy link
Contributor

anisimkov commented Jul 15, 2020
edited
Loading

The routine can be used to change session lifetime when HTTP server already started. The initial lifetime set happening on first server with session support start from it's configuration, See
AWS.Session.Control.Start call in aws-server.adb line 1168

I think we should not make this routine private.

@briot
Copy link
Contributor Author

briot commented May 6, 2021 

I'm confused by this. How can it be overwritten by any .ini file loaded since AWS loads the .ini at elaboration time, so before a user can call Set_Lifetime. I'm wondering if there is not something else that broke in your case!

My code is actually creating a Config object programmatically, as in

   declare
      Conf : AWS.Config.Object := AWS.Config.Get_Current;
   begin
      AWS.Config.Set.Session_Lifetime (3600.0 * 24.0);
      AWS.Server.Start
         (Web_Server => Server,
          Config     => Conf,
          Dispatcher => Handler);
   end;

So perhaps a better wording for the updated comment would be the following (also rewriting the part already there, which I find confusing):

   procedure Set_Lifetime (Seconds : Duration);
   --  Set the lifetime for session data.
   --  The session will no longer be valid after that elapsed time. Checking with
   --  AWS.Status.Session_Timed_Out will return True.
   --  The duration will be overwritten by any value set explicitly in a configuration object,
   --  via AWS.Config.Set.Session_Lifetime, when it is passed to AWS.Server.Start.
   --  An aws.ini file is loaded earlier though, so Set_Lifetime would override the value
   --  read from this file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TurboGit TurboGit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@briot @TurboGit @anisimkov