Skip to content
Snippets Groups Projects
Commit 46c0a9fe authored by Christian Pointner's avatar Christian Pointner
Browse files

session cleanup is purely done by maintenance task

parent 89e20bad
No related branches found
No related tags found
No related merge requests found
......@@ -154,7 +154,7 @@ func deleteSession() http.Handler {
sendHTTPInvalidSessionResponse(w)
return
}
auth.sessions.remove(s.ID())
s.setState(SessionStateLoggedOut)
sendHTTPResponse(w, http.StatusOK, "you are now logged out")
})
}
......
......@@ -335,8 +335,9 @@ func TestAuthDeleteSession(t *testing.T) {
t.Fatalf("unexpected reponse code: %d (%s)", rr.Code, http.StatusText(rr.Code))
}
if len(auth.sessions.sessions) != 0 {
t.Fatalf("session wasn't removed from session manager")
sOut := auth.sessions.get(s.ID())
if sOut != nil && sOut.State() == SessionStateLoggedIn {
t.Fatalf("session is still logged in")
}
}
......
......@@ -63,7 +63,7 @@ func (os *OIDCSession) refresh(ctx context.Context, in *Session) (*Session, erro
// TODO this needs more testing!!
func refreshSession(s *Session) {
ticker := time.NewTicker(5 * time.Minute) // TODO: hardcoded value
ticker := time.NewTicker(15 * time.Second) // TODO: hardcoded value
defer ticker.Stop()
errCnt := 0
......
......@@ -239,11 +239,7 @@ func getSessionFromBearerToken(r *http.Request) *Session {
}
s := auth.sessions.get(sID)
if s == nil || s.secret != secret {
return nil
}
if !s.Valid() {
auth.sessions.remove(sID)
if s == nil || s.secret != secret || !s.Valid() {
return nil
}
......@@ -277,7 +273,7 @@ func NewSessionManager(c SessionsConfig) (sm *SessionManager, err error) {
}
func (sm *SessionManager) runMaintenance() {
t := time.NewTicker(time.Minute * 5)
t := time.NewTicker(10 * time.Second) // TODO: hardcoded value
for {
<-t.C
sm.cleanup()
......@@ -344,20 +340,6 @@ func (sm *SessionManager) update(s *Session) error {
return nil
}
func (sm *SessionManager) remove(id string) {
sm.mutex.Lock()
defer sm.mutex.Unlock()
s, ok := sm.sessions[id]
if !ok {
return
}
delete(sm.sessions, id)
s.setState(SessionStateRemoved)
s.cleanup()
auth.dbgLog.Printf("authentication: removed session %s", id)
}
func (sm *SessionManager) cleanup() {
sm.mutex.Lock()
defer sm.mutex.Unlock()
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment