User session system #588

schneijan · 2021-05-31T23:43:44Z

Removes the previous http-auth-based login system in favor of a session-based system. Core features:

On login, user sessions with unique session IDs are generated and stored in the MongoDB
No session state is kept on the server, instead everything is stored in the MongoDB ("stateless")
For performance reasons, a local cache on server remembers session IDs and associated users for a TTL of one minute
MongoDB repository and local cache are updated accordingly on logout of a user
Sessions expire automatically seven days after creation
Users with missing or invalid sessions are redirected to the login page
Username and password do not need to be sent with every server request anymore

Closes #571

schneijan · 2021-06-10T14:07:27Z

Fixed issue with non-https cookies.

schneijan · 2021-06-10T15:37:12Z

The API wiki page now describes how authentication works when using the REST API directly.

schneijan added 4 commits May 28, 2021 19:03

Fixes missing settings update and missing dependencies

738f083

First adjustments towards stateless user sessions

65c7ceb

Further adjustments

52b4d3b

Finished user session system

5e5af1e

schneijan requested a review from hirmerpl May 31, 2021 23:43

schneijan added 5 commits June 1, 2021 15:21

Added scheduled method for expiring sessions, re-ref to login page

c5f3915

Added version number to dependencies, removed secure field from cookie

4742af7

Fixed loading image on login page

6103ede

Another fix

9a3a163

Caffeeine dependency version did not match target java version

e7b4a45

hirmerpl merged commit aab55d6 into master Jun 23, 2021

hirmerpl deleted the user_sessions branch June 23, 2021 07:54

Provide feedback