Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Good job .i have a question .can you help me ? #5

Closed
dolia opened this issue Oct 11, 2013 · 2 comments
Closed

Good job .i have a question .can you help me ? #5

dolia opened this issue Oct 11, 2013 · 2 comments

Comments

@dolia
Copy link

dolia commented Oct 11, 2013

The client requests the index page at the broker. The broker will request user information from the server. Since the visitor is already logged in, the server returns this information. The index page is shown to the visitor.

Each client request to the index page ,the broker has to request user information from the server ,though the visitor is already logged in.

Is it reasonable?

I mean it takes 1second to complete curl request to get information from the server. Cost too much than traditional session login .

Hope your answer
@jasny
Copy link
Owner

jasny commented Oct 11, 2013

It shouldn't take that much time. The typical latency HTTP request on my server env (LAMP) is about 200ms. Check if you can bring down the response time of the server in general by tweaking Apache and PHP.

It's essential for any SSO solution to do this at least on the first page request. The only way for a broker to know who the client is, is by asking it to the server, since the client is not logged into the broken but into the server. After that, the broker can save the user's information in a session.

If you solve it that way, the client isn't logged out of all brokers automatically when logging out of one of them. This may of may not be an issue for you. There's a way around this, by having the server send out notifications of a logout to each broker. However that's outside the scope of the original article.

@jasny jasny closed this as completed Oct 11, 2013
@jasny
Copy link
Owner

jasny commented Oct 15, 2013

Yes there's no way around this. It shouldn't be that bad. You only have the overhead of a server to server http request. That should be in the range of 100 to 200ms.

If requesting the information from the server takes over a second, than logging in without SSO would also take over a second. In that case you should really try to tweak your server's environment.

----- Reply message -----
Van: "dolia" notifications@github.com
Aan: "jasny/SSO" SSO@noreply.github.com
Onderwerp: [SSO] Good job .i have a question .can you helpme ? (#5)
Datum: vr, okt. 11, 2013 17:17
The client requests the index page at the broker. The broker will request user information from the server. Since the visitor is already logged in, the server returns this information. The index page is shown to the visitor.

Each client request to the index page ,the broker has to request user information from the server ,though the visitor is already logged in.

Is it reasonable?

I mean it takes 1second to complete curl request to get information from the server. Cost too much than traditional session login .

Hope your answer


Reply to this email directly or view it on GitHub.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jasny @dolia