joellubi commented on code in PR #40284:
URL: https://github.com/apache/arrow/pull/40284#discussion_r1509529296
##########
cpp/src/arrow/flight/sql/server_session_middleware.cc:
##########
@@ -80,7 +80,7 @@ class ServerSessionMiddlewareImpl : public
ServerSessionMiddleware {
Status CloseSession() override {
const std::lock_guard<std::shared_mutex> l(mutex_);
- if (static_cast<bool>(session_)) {
+ if (!static_cast<bool>(session_)) {
Review Comment:
@zeroshade I think that in the case @indigophox mentioned the client
middleware is actually behaving correctly. The problem with the C++ server
middleware is that it's unable to invalidate the cookie for an existing session
(i.e. it never sends `Set-Cookie: arrow_flight_session_id=<session-id>;
Max-Age=0`) so the client keeps the cookie stored, as it should. Then the next
time the client makes any request it sends the cookie (i.e. `Cookie:
arrow_flight_session_id=<session-id>`) along with it, but the server has
completely forgotten about that session and considers the token invalid.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
