client/webserver: allow multiple authorized sessions #1012
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chappjc
force-pushed
the
http-multi-login
branch
from
f807aaa
to
2af409a
Compare
chappjc
force-pushed
the
http-multi-login
branch
from
2af409a
to
a8bdbc4
Compare
buck54321
approved these changes
Mar 29, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allow multiple authenticated client http sessions by tracking multiple cookies in the WebServer. You can now login in different browsers without one login invalidating the other's auth cookie.
Logout ends all authenticated sessions however. This is done because the logout route also performs
(*Core).Logout, crippling other authenticated http sessions. Also, if we just removed the auth token for the one session performing the logout, the backend would really have no way to keep the map clean and it could conceivable keep filling up if requests kept reauthing and not logging out.