Cached sessions always have an expiration of getSessionIdUnauthenticatedUnusedLifetime

By: Guy Parker named 09 Oct 2017 at 9:31 a.m. CDT

8 Responses
Guy Parker gravatar
Using an open id connect client configuration that worked with 3.0.2 we found that our sessions were dying after 2 minutes after upgrading to 3.1.0. We tracked this to putInCache in SessionIdService.java. We believe that either putInCache fails to actually update an existing cached value or that an updated value fails to respect the longer expiration of getSessionIdLifetime after authentication has occurred. We updated putInCache to remove any existing cached value before the new value is put into the cache. This change would appear to correctly give us cached values with an expiration appropriate for if the session is authenticated or not.
CentOS 7.2
closed

Answers

By Yuriy Zabrovarnyy staff 09 Oct 2017 at 9:46 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Thanks for this ticket. What cache provider are you using ? Is it `in-memory` cache provider ?

By Yuriy Zabrovarnyy staff 09 Oct 2017 at 10:01 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Also would you be so kind to give exact changes (diff) you've made ? Thanks in advance, Yuriy

By Guy Parker named 09 Oct 2017 at 11:46 a.m. CDT

Copy
Guy Parker gravatar
Hi Yuriy, Yep we are using the in-memory cache option. The diff on /src/main/java/org/xdi/oxauth/service/SessionIdService.java is: ``` 535,537d534 < if (null != cacheService.get(null,sessionId.getId())) { < cacheService.remove(null,sessionId.getId()); < } ```

By Yuriy Zabrovarnyy staff 10 Oct 2017 at 3:01 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
I tested it with `redis` and it works perfectly. For `in-memory` I have to confirm that there was problem if entry was put into map before then expiration was not updated on `put` operation. Ticket was opened and already fixed ``` https://github.com/GluuFederation/oxCore/issues/53 ``` Thanks, Yuriy

By Guy Parker named 10 Oct 2017 at 3:22 a.m. CDT

Copy
Guy Parker gravatar
Thanks for quick turn around Yuriy! We'll test that when 3.1.1 is available and we'll look at redis since it will likely make clustering easier. Is there a release date for 3.1.1 yet?

By William Lowe user 10 Oct 2017 at 8:20 a.m. CDT

Copy
William Lowe gravatar
Hey Guy, We're getting ready to release it today. Thanks! Will

By Michael Schwartz Account Admin 10 Oct 2017 at 4:03 p.m. CDT

Copy
Michael Schwartz gravatar
It's released. Please re-open this issue if it persists after 3.1.1

By William Lowe user 10 Oct 2017 at 4:05 p.m. CDT

Copy
William Lowe gravatar
Upgrade instructions here: [https://gluu.org/docs/ce/upgrade/](https://gluu.org/docs/ce/upgrade/)

Post an answer