client/webserver: allow multiple authorized sessions #1012
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allow multiple authenticated client http sessions by tracking multiple cookies in the WebServer. You can now login in different browsers without one login invalidating the other's auth cookie.
Logout ends all authenticated sessions however. This is done because the logout route also performs
(*Core).Logout
, crippling other authenticated http sessions. Also, if we just removed the auth token for the one session performing the logout, the backend would really have no way to keep the map clean and it could conceivable keep filling up if requests kept reauthing and not logging out.