[Vtigercrm-developers] Ideas and suggestions please?

Giuseppe Rota g.rota at studiosynthesis.biz
Tue May 18 02:46:49 PDT 2010 

On Tue, May 18, 2010 at 9:45 AM, Alan Lord (News) <alanslists at gmail.com> wrote:
> One of the most annoying bugs in the Thunderbird extension for me and my
> customers is how, if the session times out, you have to re-save the
> vtiger configuration settings to trigger a fresh login attempt.
>
> I'd really like to fix this so that, as with all my email accounts, I do
> not have to repeatedly login.
>
> I've been thinking about how to achieve this and am not sure of the
> "right" approach.
>
> When we login using the REST API, we get a token. This token has a
> lifetime, which I believe we can capture and store. When any new
> transaction occurs (within the lifetime of the current token) across the
> REST API, I believe the lifetime of the token is then extended.

Yes, that's what happens in the getchallenge phase, have a look at the
code in include/Webservices/AuthToken.php, the code is quite simple.

>
> The TB extension is written in javascript and I am not sure that we can
> spawn a thread to run a timer so that we can trigger an event before the
> token expires if nothing else has happened.
>
> Could I just check to see if the token has expired (time elapsed) and if
> so, go through the login process again? This means I have to add a test
> before *every* API call (seems like a lot of overhead to me?).

As you can see from the above file, the session lasts 5 minutes. AFAIK
there seems to be no way of figuring out if the session expired,
calling a getchallenge operation "disturbs" the session state much
like in quantum physics :)
I guess that you can use some sort of optimistic approach:
if not more than, say, 4 and a half minutes have passed since the last
webservice operation, go ahead and try to perform the webservice
operation. It will most likely go through. Make sure to detect a
failure in the operation so that you know that you need to do again a
getchallenge+login to get a new sessionid. (never trust the client :)

If more that 4 and a half minutes have passed, do a getchallenge+login
operation and store the sessionid for future calls.
If you have access to the above php file you can try to extend the
window of the session.

hope it helps
Giuseppe Rota
-- 
Studio Synthesis srl
Business Process Consulting
Via Callegari 10, Brescia  - (+39)030/8336089
http://www.studiosynthesis.biz

More information about the vtigercrm-developers mailing list