New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changing watcher to disable cookies in shared http client #97591
Changing watcher to disable cookies in shared http client #97591
Conversation
Hi @masseyke, I've created a changelog YAML for you. |
Pinging @elastic/es-data-management (Team:Data Management) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM, but I do also have the be that person who asks "Do we think this is a breaking change?"
@@ -135,6 +135,12 @@ private CloseableHttpClient createHttpClient() { | |||
clientBuilder.evictExpiredConnections(); | |||
clientBuilder.setMaxConnPerRoute(MAX_CONNECTIONS); | |||
clientBuilder.setMaxConnTotal(MAX_CONNECTIONS); | |||
/* | |||
* This client will potentially be used by multiple users. We do not want it to keep any state like cookies, because that will | |||
* result in that state unexpectedlky being shared across all users. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo in unexpectedlky
Watcher uses a single apache http client to make all outgoing connections. This client is shared by any user of the watcher API, as well as scheduled watches. Currently this client supports cookies. A cookie set for one user will be shared by all users. Watcher is meant to be used with stateless http requests, so cookies don't offer any advantage. But it could cause problems if they are shared across users.