Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow backend connector to apply expiration policies based on HTTP session timeout #126

Closed
mcollovati opened this issue Apr 10, 2024 · 1 comment · Fixed by #163
Closed

Allow backend connector to apply expiration policies based on HTTP session timeout #126

mcollovati opened this issue Apr 10, 2024 · 1 comment · Fixed by #163

Comments

@mcollovati
Copy link
Contributor

Kubernetes KIT requests the deletion of session stored by backend connector when the HTTP session expires because of timeout or manual invalidation.
However, the HTTP session may be never destroyed when an application node is stopped, leaving orphaned sessions on the backend that may not be restored on another node, for example because the browser tab has been already closed.

To prevent this situation, it should be possible to make the backend connectors apply an expiration policy to each persisted entry. Both Redis and Hazelcast provide such feature.

The expiration time for the stored sessions entries should be computed based on the HTTP session timeout, to avoid eager removal of data. For example, it could be something like HttpSession.getMaxInactiveInterval() * 1.5, letting the data on the backed to live for a while after the assumed HTTP session expiration.
@jorgheymans jorgheymans mentioned this issue Oct 8, 2024
Open
@jorgheymans
Copy link

jorgheymans commented Oct 8, 2024
edited
Loading

If this is considered for implementation, please consider first the most simple strategy which is to let the developer directly configure a duration which is added to the session creation time to determine expiry. As most teams don't have unlimited session duration and are managing session lifecycle actively they would know of a hard limit after which a session can safely be reaped in the store. A strategy interface for this could then let teams apply more sophisticated expiration policies if needed.

mcollovati added a commit that referenced this issue Nov 15, 2024
@mcollovati
feat: add configurable backend session expiration policy
52a0418 
Allows to define an expiration policy for the backend stored session.
By default no expiration is set, but can be expiration can be activated
setting the vaadin.kubernetes.backend-session-expiration-tolerance property
or by providing a custom SessionExpirationPolicy bean.

Fixes #126
@mcollovati mcollovati mentioned this issue Nov 16, 2024
Merged
9 tasks
mcollovati added a commit that referenced this issue Nov 27, 2024
@mcollovati
feat: add configurable backend session expiration policy
59eeed5 
Allows to define an expiration policy for the backend stored session.
By default no expiration is set, but can be expiration can be activated
setting the vaadin.kubernetes.backend-session-expiration-tolerance property
or by providing a custom SessionExpirationPolicy bean.

Fixes #126
tamasmak pushed a commit that referenced this issue Nov 27, 2024
@mcollovati
feat: add configurable backend session expiration policy (#163)
9bb5e5f 
Allows to define an expiration policy for the backend stored session.
By default no expiration is set, but can be expiration can be activated
setting the vaadin.kubernetes.backend-session-expiration-tolerance property
or by providing a custom SessionExpirationPolicy bean.

Fixes #126
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add configurable backend session expiration policy vaadin/kubernetes-kit
2 participants
@jorgheymans @mcollovati