Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logging into separate running instances on same IP #90

Closed
ianbattersby opened this issue Sep 23, 2015 · 2 comments
Closed

Logging into separate running instances on same IP #90

ianbattersby opened this issue Sep 23, 2015 · 2 comments

Comments

@ianbattersby
Copy link
Contributor

I think this is a cookie/auth issue, but here is the scenario:

  1. Start a (clustered in my case) EventStore with 3 nodes all running on 127.0.0.1 but appropriately different ports (int-tcp, ext-tcp, int-http, ext-http - 127.0.0.1:2113,2114,3113,3114,4113,4114).
  2. Log into first instance on http://localhost:2114 and browse it's data
  3. Start a second (single in this case) EventStore pointing at a different DB location, running on 127.0.0.1 but with a different tcp/http port to the first (127.0.0.1:7113,7114).
  4. Browse to URL http://localhost:7114 and w/o logging in browse it's data, but it shows the data from the first instance, not the second, as the session is still looking at 2114.
  5. Log out of browser session and log back into second instance at http://localhost:7114, this time logging in explicitly to this instance, now shows data from second instance.

Although I appreciate running multiple copies on the same IP and different ports is unusual, it seems like it would be safer for the cookie/auth to handle this more explicitly? Perhaps it could store the connected instance port against the browsed port, and if these change, log you out?

URI: http://localhost:2114
Session: 127.0.0.1:2114

When checking session version these two elements remain in sync and log out if not. There if then browsing to http://localhost:7114 there would be a mismatch and the session abandoned.
@Gutek
Copy link
Contributor

Gutek commented Sep 23, 2015

its a combination of cookie issue (its not port agnostic) and how we do auth.

hosting it locally with saved credentials - we can ignore cookie, and then we will have issue with asking user to auth each time.

we can use localStorage but this will then need to figure out somehow instance of UI...

i know this is painful however, i can see nice workaround without taking out some functionality from end user. @pgermishuys can you see some sort of solution here? we have cookie as Greg wanted and its a nice ux.

@pgermishuys
Copy link
Contributor

I would like to play with the local storage solution again. There was a branch that addressed this very same issue, but I cannot find it locally.

I'll aim to get this in for 3.3.0 as well.

@pgermishuys pgermishuys mentioned this issue Oct 5, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ianbattersby @Gutek @pgermishuys