Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible repeated calls to /session endpoint #870

Closed
mt-sebastien-robert opened this issue Mar 25, 2019 · 2 comments
Closed

Possible repeated calls to /session endpoint #870

mt-sebastien-robert opened this issue Mar 25, 2019 · 2 comments
Assignees
@ar2rsawseen

Comments

@mt-sebastien-robert
Copy link
Contributor

mt-sebastien-robert commented Mar 25, 2019
edited
Loading

When the session extending mechanism triggers, it also triggers a timeout for the second half of its duration, listening for clicks and mouse moves. When in the middle of the second half of the expiration delay, moving the mouse does:

Expected behavior

Triggers a single call to the /session endpoint.

Current behavior

Triggers 2 to 3 calls to the /session endpoint, with the frontend and the backend on the same machine. Could be a pain on a laggy network and/or with a server under load.

Possible solution

In the code bellow:

var extendSession = function() {
    /*** SUGGESTED CHANGE HERE ***
    shouldRecordAction = false;
    *** SUGGESTED CHANGE HERE ***/
    $.ajax({
        url: countlyGlobal.path + "/session",
        success: function(result) {
            if (result === "logout") {
                $("#user-logout").click();
            }
            if (result === "login") {
                $("#user-logout").click();
                window.location = "/login";
            }
            else if (result === "success") {
                shouldRecordAction = false;
                var myTimeoutValue = parseInt(countlyGlobal.config.session_timeout) * 1000 * 60;
                if (myTimeoutValue > 2147483647) { //max value used by set timeout function
                    myTimeoutValue = 1800000;//30 minutes
                }
                setTimeout(function() {
                    shouldRecordAction = true;
                }, Math.round(myTimeoutValue / 2));
                resetSessionTimeouts(myTimeoutValue);
            }
        }
        /*** SUGGESTED CHANGE HERE ***
        ,
        error: function() {
            shouldRecordAction = true;
        }
        *** SUGGESTED CHANGE HERE ***/
    });
};

...

$(document).on("click mousemove extend-dashboard-user-session", function() {
    if (shouldRecordAction) {
        extendSession();
    }
});

No matter the /session always return 200, one is never protected against network failure, checking for errors is always a good thing.

Steps to reproduce

  1. Open the dev tools in the browser on the Network tab (optionally filter on session)
  2. Set session expiration to 1 minute (the smallest unit of time possible)
  3. A bit before reaching 30 seconds, move the mouse like crazy
  4. See the Network tab for what score you can get ;)
@ar2rsawseen ar2rsawseen self-assigned this Mar 28, 2019
@ar2rsawseen
Copy link
Member

This should be fixed here:
#897

@mt-sebastien-robert
Copy link
Contributor Author

Thanks @ar2rsawseen and @frknbasaran :)

@snyk-bot snyk-bot mentioned this issue May 6, 2020
Open
This was referenced May 21, 2020
Open
Open
@snyk-bot snyk-bot mentioned this issue Jun 19, 2020
Open
@bumplzz69 bumplzz69 mentioned this issue Jan 29, 2021
Open
@srom23 srom23 mentioned this issue Jun 7, 2022
Open
@bumplzz69 bumplzz69 mentioned this issue Jun 8, 2022
Open
@bumplzz69 bumplzz69 mentioned this issue Oct 5, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ar2rsawseen ar2rsawseen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ar2rsawseen @mt-sebastien-robert