[OPT-1925] Implement server-side stateless session handling

Type: Sub-task
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 2.4.0-alpha2, 2.4.0
Affects Version/s: None
Component/s: backend
Labels:
- SUPPORT

AT:

session state is not maintained in Optimize instances (no stored expiry date)
session validity is purely based on the JWT encrypted with a secret
expiration of session is based on the JWT creation time
secret used to encrypt the JWT is configurable, config value defaults to null for which the application generates a random secret on startup used to encrypt all tokens
new login with same credentials doesn't kill existing sessions for same credentials

Note:
Currently user sessions are stored and their lifetime maintained inside SessionService. This blocks us from providing easy clustering support regardless of the load-balancer policy used, as a session created by one particular Optimize instance is only valid in that exact instance.

This is the controller panel for Smart Panels app

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Sebastian Bathke

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 08/Feb/19 11:35 AM

Updated:: 23/Jul/19 1:19 PM

Resolved:: 27/Feb/19 2:25 PM

Camunda Optimize

Details

Description

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

People

Dates

Salesforce