-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session meta procedure to forcibly disconnect a session #314
Comments
There should also be a
We are currently resorting to our application backend keeping track of all frontend sessions and associating each of the active sessions with the |
I am currently planning on implementing both of these as stated in gammazero/nexus#112. So, it sounds like these are both reasonable extensions of the WAMP session meta api. If there is consensus on this, I will draft the spec documentation of these. |
thinking about, since the main WAMP session related information is:
we could go for 4 procedures:
|
I have given it some thought, and this seems like a solid plan. It is simple, and is addresses all the identified use cases. It has my vote! |
From an API perspective, would it be a better idea to fold these four separate RPCs into a single one that takes a dictionary as a parameter? This dictionary would be something like: {
"sessions": [1934839483943, 304034303],
"authids": ["alice", "bob"],
"authroles": [],
"realms": ["Mordor"]
} Then a single For backward compatibility, the |
Collapsing all 4 into 1 procedure removes the ability to control authorization based on simple URI matching in a router, and rgd semantics: these needed to be "OR" (as providing a session ID already determines everything else). But with "OR" semantics, tbh I don't see that big of an advantage: I can kick 2 specific session IDs, all session of 2 authids, and all session of 1 realm in one call instead of 5 - where the latter can be pipelined (I can fire off all 5 calls at once, and then wait on the full set to resolve - sure, couple of more bytes). Mmmh. This seems like a very specific situation. I wouldn't collapse them .. |
there is also a 2nd issue with collapsing IMO: if the procedure is under the current URI |
Just my two cents: All router implementations, including nexus, currently handle the authrole as string or list of string, which also makes the one endpoint way too complex. I think, this is currently not included in the standard, but widely used. Best Regards, // cc: @martin31821 |
And another two cents: |
@KSDaemon There is an existing API from crossbar.io, so we could change that, but we don't have to. |
Ough! I didn't take that into account. Thanks, @johannwagner! |
Yeah, if we would start from scratch, |
What would be the next steps to get this thing rolling? |
Ideally a PR against this repo, adding a spec text proposal describing the new procedures .. |
I am perfectly happy with Also, I will be happy to draft the spec text and submit a PR in the next couple days, unless someone cannot wait that long (I know how exciting it must be). |
Actually, I do have one question about |
Good point! Agree with @gammazero. |
@gammazero yeah, you are right: it should be
|
rgd |
May be we can even add details attribute to |
I can see this being useful when the initiator is also providing remote authentication, and wants to force all clients to re-authenticate. The initiator can update its authentication logic/keys/etc. and then use So conclusion: |
IMHO |
I cannot think of a suicidal use case, so if that happens it is probably an error. However, in the interest of not breaking any compatibility with Crossbar's current implementation, I think it reasonable to do whatever Crossbar currently does. |
FWIW, I'm not sure how crossbar behaves in the suicide case, but I agree: it should raise an error (and do nothing). And I also agree: |
@gammazero awesome!! closing .. |
Since there have been requests for such a feature I wanted to propose this as a part of the WAMP specification. This is already supported by Crossbar: https://crossbar.io/docs/Session-Metaevents-and-Procedures/#killing-a-session, and seems like something that should have been proposed. I could not find mention of such a feature in any issue, so I am opening an issue.
The proposal is for a session meta procedure,
wamp.session.kill
. It takes one positional argument,session|ID
, two optional keyword arguments,reason
andmessage
. Thereason
argument is the URI used as theGOODBYE.Reason
. Themessage
argument is put intoGoodbye.Details
under the key "message". If the session does not exist, an error is returned.The text was updated successfully, but these errors were encountered: