Details
-
Sub-task
-
Resolution: Fixed
-
L3 - Default
-
None
Description
AT:
- session state is not maintained in Optimize instances (no stored expiry date)
- session validity is purely based on the JWT encrypted with a secret
- expiration of session is based on the JWT creation time
- secret used to encrypt the JWT is configurable, config value defaults to null for which the application generates a random secret on startup used to encrypt all tokens
- new login with same credentials doesn't kill existing sessions for same credentials
Note:
Currently user sessions are stored and their lifetime maintained inside SessionService. This blocks us from providing easy clustering support regardless of the load-balancer policy used, as a session created by one particular Optimize instance is only valid in that exact instance.
mgm-controller-panel
This is the controller panel for Smart Panels app
Attachments
Issue Links
- mentioned in
-
Page Loading...