Camunda Optimize / OPT-1918 Implement a distributed user session / OPT-1925

Implement server-side stateless session handling


    Details

    • Type: Sub-task
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.0, 2.4.0-alpha2
    • Component/s: backend
    • Labels:

      Description

      AT:

      • session state is not maintained in Optimize instances (no stored expiry date)
      • session validity is purely based on the JWT encrypted with a secret
      • expiration of session is based on the JWT creation time
      • secret used to encrypt the JWT is configurable, config value defaults to null for which the application generates a random secret on startup used to encrypt all tokens
      • new login with same credentials doesn't kill existing sessions for same credentials

      Note:
      Currently user sessions are stored and their lifetime maintained inside SessionService. This blocks us from providing easy clustering support regardless of the load-balancer policy used, as a session created by one particular Optimize instance is only valid in that exact instance.
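
The acceptance criteria above, sketched as an added example (not Optimize's own code): session validity is derived only from the token and a secret, so any instance holding the same configured secret can validate it, while an instance that fell back to a random startup secret cannot. Assumptions: the `SessionTokens` class, its `lifetime_s` parameter and the `jti` claim are hypothetical, and the token is an HMAC-SHA256 signed (HS256) JWT rather than an encrypted one.

```python
import base64, hashlib, hmac, json, secrets, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class SessionTokens:
    """Hypothetical stateless session helper: nothing is stored per session."""

    def __init__(self, secret=None, lifetime_s=3600):
        # Assumed config semantics: None means a random secret generated at startup.
        self.secret = secret if secret is not None else secrets.token_bytes(32)
        self.lifetime_s = lifetime_s

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self.secret, signing_input.encode(), hashlib.sha256)
        return b64e(mac.digest())

    def issue(self, user: str, now=None) -> str:
        header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        # iat (creation time) is the only expiry input; jti keeps tokens distinct.
        claims = {"sub": user, "jti": secrets.token_hex(8),
                  "iat": int(time.time() if now is None else now)}
        body = b64e(json.dumps(claims).encode())
        return f"{header}.{body}.{self._sign(header + '.' + body)}"

    def validate(self, token: str, now=None):
        """Return the user name, or None if forged, malformed or expired."""
        try:
            header, body, sig = token.split(".")
            # Verify the signature first, in constant time, before parsing claims.
            if not hmac.compare_digest(sig, self._sign(header + "." + body)):
                return None
            if json.loads(b64d(header)).get("alg") != "HS256":
                return None  # do not let the token choose another algorithm
            claims = json.loads(b64d(body))
            age = (time.time() if now is None else now) - claims["iat"]
            return claims["sub"] if 0 <= age < self.lifetime_s else None
        except (ValueError, KeyError, TypeError, AttributeError):
            return None
```
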


              People

              Assignee:
              Unassigned
              Reporter:
              sebastian.bathke Sebastian Bathke