Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-1918 Implement a distributed user session
  3. OPT-1925

Implement server-side stateless session handling

XMLWordPrintable

      AT:

      • session state is not maintained in Optimize instances (no stored expiry date)
      • session validity is purely based on the JWT encrypted with a secret
      • expiration of session is based on the JWT creation time
      • secret used to encrypt the JWT is configurable, config value defaults to null for which the application generates a random secret on startup used to encrypt all tokens
      • new login with same credentials doesn't kill existing sessions for same credentials

      Note:
      Currently user sessions are stored and their lifetime maintained inside SessionService. This blocks us from providing easy clustering support regardless of the load-balancer policy used, as a session created by one particular Optimize instance is only valid in that exact instance.

        This is the controller panel for Smart Panels app

              Unassigned Unassigned
              sebastian.bathke Sebastian Bathke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: