[Vtigercrm-developers] Ideas and suggestions please?

Tue May 18 08:47:33 PDT 2010

Hi alan,

getchallenge reponse token is not the life time of the session with life
time of token, meaning before 5mins one has to complete the loging
operation.

the session time configuration is as follows.

session idle timeout is 30mins.
session lifespan is 24hrs.

javascript lets you run interval-ed tasks to i recommend you ping the server
every 25 or 28 mins.

going forward we are planing to increase the idle timeout to 24hrs and
lifespan to 3days.

Thanks,
MAK

On Tue, May 18, 2010 at 3:16 PM, Giuseppe Rota
<g.rota at studiosynthesis.biz>wrote:

> On Tue, May 18, 2010 at 9:45 AM, Alan Lord (News) <alanslists at gmail.com>
> wrote:
> > One of the most annoying bugs in the Thunderbird extension for me and my
> > customers is how, if the session times out, you have to re-save the
> > vtiger configuration settings to trigger a fresh login attempt.
> >
> > I'd really like to fix this so that, as with all my email accounts, I do
> > not have to repeatedly login.
> >
> > I've been thinking about how to achieve this and am not sure of the
> > "right" approach.
> >
> > When we login using the REST API, we get a token. This token has a
> > lifetime, which I believe we can capture and store. When any new
> > transaction occurs (within the lifetime of the current token) across the
> > REST API, I believe the lifetime of the token is then extended.
>
> Yes, that's what happens in the getchallenge phase, have a look at the
> code in include/Webservices/AuthToken.php, the code is quite simple.
>
> >
> > The TB extension is written in javascript and I am not sure that we can
> > spawn a thread to run a timer so that we can trigger an event before the
> > token expires if nothing else has happened.
> >
> > Could I just check to see if the token has expired (time elapsed) and if
> > so, go through the login process again? This means I have to add a test
> > before *every* API call (seems like a lot of overhead to me?).
>
> As you can see from the above file, the session lasts 5 minutes. AFAIK
> there seems to be no way of figuring out if the session expired,
> calling a getchallenge operation "disturbs" the session state much
> like in quantum physics :)
> I guess that you can use some sort of optimistic approach:
> if not more than, say, 4 and a half minutes have passed since the last
> webservice operation, go ahead and try to perform the webservice
> operation. It will most likely go through. Make sure to detect a
> failure in the operation so that you know that you need to do again a
> getchallenge+login to get a new sessionid. (never trust the client :)
>
> If more that 4 and a half minutes have passed, do a getchallenge+login
> operation and store the sessionid for future calls.
> If you have access to the above php file you can try to extend the
> window of the session.
>
> hope it helps
> Giuseppe Rota
> --
> Studio Synthesis srl
> Business Process Consulting
> Via Callegari 10, Brescia  - (+39)030/8336089
> http://www.studiosynthesis.biz
> _______________________________________________
> Reach hundreds of potential candidates - http://jobs.vtiger.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20100518/2f225fb9/attachment-0002.html 