You are not logged in.
Pages: 1
Hi,
I found two problems with sessions.
The first:
when TSQLServer has single user and reOneSessionPerUser is used in TSQLAuthGroup.AllowRemoteExecute set, then the session is never released (deleted) even when session time out occurred.
Second:
the precision of timeout is too low for some automation processes (for example for bot clients). The minimal timeout can be set to one minute, IMO should be possible to set such timeout to second/few seconds in some cases. The behavior cannot be changed in simple way. The usefully would be virtual TSQLRestServer.SessionAccess (current SessionAccess cannot be overridden) or some other solution.
best regards,
Maciej Izak
Offline
The first problem can be partially solved via custom TSQLRestServer.OnSessionCreate.
The second part can be solved via custom TAuthSession:
type
TCustomAuthSession = class(TAuthSession)
procedure ComputeProtectedValues; override;
end;
procedure TCustomAuthSession.ComputeProtectedValues;
begin
inherited;
fTimeOutShr10 := (QWord(User.GroupRights.SessionTimeout)*(1000))shr 10;
Inc(fTimeOutShr10);
fTimeOutTix := GetTickCount64 shr 10+fTimeOutShr10;
end;
...
MyServer.SessionClass := TCustomAuthSession;
Default precision is in approximation one second so all seems fine.
Last edited by hnb (2019-07-08 13:37:33)
best regards,
Maciej Izak
Offline
Pages: 1