> ----- Original Message ----- > From: "Vojtech Szocs" <vsz...@redhat.com> > Sent: Monday, May 13, 2013 10:23:30 AM > > Hi guys, > > just a quick update, recently we fixed an issue [1] with UI Plugin REST API > integration trying to keep-alive the current REST API session, which was > causing repeated "User logged in" events in GUI, along with new REST API > session created each time the heartbeat request was fired. Please refer to > commit message for more details on this issue. > > There are some things to be aware of with regard to UI Plugin REST API > integration: > - all plugins still receive a single session ID based on WebAdmin user > credentials, i.e. keep the current "single-admin-session-for-all-plugins" > behavior > - session timeout is set to 6 hours --> 2x more than default REST API session > timeout > - WebAdmin will *not* try to keep-alive the session via periodic heartbeat > requests, i.e. break the current > "keep-session-alive-while-user-stays-authenticated" behavior > > In practice, this means that after a user logs into WebAdmin, if no plugin > interacts with the REST API session via provided ID for more than 6 hours, > the session will time-out eventually. Unfortunately, for now, we can't > support the session keep-alive mechanism due to issues with HTTP > 'Authorization' header handling in web browsers, but with RFE [2] it would > be possible to re-implement the session keep-alive mechanism. > > On the other hand, we'll most likely revisit the current > "single-admin-session-for-all-plugins" behavior in future, i.e. have special > Engine users created for use with UI Plugin REST API integration, with > permissions of such users under control by the admin. This would change the > current behavior to something like "separate-user-session-for-each-plugin", > with individual plugins able to create their own REST API session on demand. > > Regards, > Vojtech > > [1] http://gerrit.ovirt.org/#/c/14411/
Thanks, Vojtech - just adding the missing RFE reference ([2]): [2] Bug 958861 - Support passing auth information without having to use HTTP Authorization header [https://bugzilla.redhat.com/show_bug.cgi?id=958861] _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel