#1 2024-05-04 15:15:06

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 89

Session not Assigned to current context.

in this code

function TRestServerUriContext.Authenticate: boolean;
...
begin
...
    if (rsoSessionInConnectionOpaque in Server.Options) and
       (Call^.LowLevelConnectionOpaque <> nil) then
    begin
      // TAuthSession instance may have been stored at connection level
      // to avoid signature parsing and session lookup
      s := pointer(Call^.LowLevelConnectionOpaque^.ValueInternal);
      if s <> nil then
        if s.InheritsFrom(Server.fSessionClass) then
        begin
          SessionAssign(s);  <<<<<<<<<<<<<<<<<<<<< here does
          exit;
        end
        else
          Call^.LowLevelConnectionOpaque^.ValueInternal := 0; // paranoid
    end;
    // parse signature to retrieve the associated session
    Server.fSessions.Safe.ReadOnlyLock; // allow concurrent authentication
    try
      a := pointer(Server.fSessionAuthentication);
      if a <> nil then
      begin
        n := PDALen(PAnsiChar(a) - _DALEN)^ + _DAOFF;
        repeat
          s := a^.RetrieveSession(self); // retrieve from URI or cookie
          if s <> nil then
          begin
            if (Log <> nil) and
               (s.RemoteIP <> '') and
               (s.RemoteIP <> '127.0.0.1') then
              Log.Log(sllUserAuth, '%/% %',
                [s.User.LogonName, s.ID, s.RemoteIP], self);

             SessionAssign(s) <<<<<< are not missing this here????

            exit;
          end;
          inc(a);
          dec(n);
        until n = 0;
      end;
...
end;

Offline

#2 2024-05-04 17:41:04

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: Session not Assigned to current context.

Did you debug a little?

It sounds like if RetrieveSession() calls LockedSessionAccess() which eventually calls SessionAssign().
This path is just a bit more complex because we need to lock and call a virtual method to get the ID from the URI, then O(log(n)) look binary search into the session array, then unlock.
Whereas with the opaque pointer trick we don't need any lock, and we have the session directly with O(1) complexity.

Offline

Board footer

Powered by FluxBB