Actually, that's a really good idea that I had not thought of to get a semi-definitive answer.
I opened up the google console and tracked network traffic. I do see the Authorization header on the HTTP API calls along with the OSESSIONID even after login and within the session timeout period. I looked at the orientdb-api.js API (in the distribution's www/js folder) as well and I could see the auth getting sent for the open call but not on some of the others. But the API did not appear to manipulate sessionids at all so I'm not sure how it is handled. As near as I can tell, the OSESSIONID allows you to optimize the request but it still requires the auth header. 1. Remote Address: ::1:2480 2. Request URL: http://localhost:2480/command/dmm/sql/-/20?format=rid,type,version,shallow,class,graph 3. Request Method: POST 4. Status Code: 200 OK 5. Request Headersview source 1. Accept: application/json, text/plain, */*, application/json 2. Accept-Encoding: gzip,deflate,sdch 3. Accept-Language: en-US,en;q=0.8 4. Authorization: Basic YWRtaW46YWRtaW4= 5. Connection: keep-alive 6. Content-Length: 18 7. Content-Type: application/json;charset=UTF-8 8. Cookie: OSESSIONID=OS14015836464586386280545031455507 9. Host: localhost:2480 10. Origin: http://localhost:2480 11. Referer: http://localhost:2480/studio/index.html 12. User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36 6. Query String Parametersview sourceview URL encoded 1. format: rid,type,version,shallow,class,graph 7. Request Payload 1. select * from role On Saturday, May 31, 2014 12:07:07 PM UTC-4, Lvc@ wrote: > > Hi, > 1) Look at Studio: put the OSESSIONID in the request's header. > 2) You could set the property "network.http.sessionExpireTimeout" that now > is 300 seconds (5 minutes). > >> >>>>> -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
