Feature #251: handle http session expiry - VRSpace.org - Redmine

Feature #251

handle http session expiry

Added by Josip Almasi 3 months ago. Updated 27 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Josip Almasi

Start date:

06/24/2025

Due date:

% Done:

Estimated time:

Description

Expired sessions are destroyed, currently this is caught only in SeleniumConfig.sessionDestroyed (HttpSessionListener).
(and subsequent http requests that require authorization are forbidden)
But the websocket remains open.
Server could (should?) close it with the appropriate code.
Websocket session keeps HttpSession in HTTP.SESSION attribute, SessionManager tracks all sessions and clients, Client contains websocket session.

History

Updated by Josip Almasi about 1 month ago

Assignee set to Josip Almasi
Status changed from New to In Progress

Updated by Josip Almasi about 1 month ago

Spring closes websockets of authenticated sessions automatically, with
code=1008, reason=This connection was established under an authenticated HTTP session that has ended.
But the client needs to re-authenticate to reconnect.

Updated by Josip Almasi about 1 month ago

Status changed from In Progress to Resolved

Closing websockets when anonymous http session expires.

Updated by Josip Almasi 27 days ago

Status changed from Resolved to Closed

Also available in: Atom PDF

Project

General

Profile

VRSpace.org

Issues

Feature #251

handle http session expiry

History

Updated by Josip Almasi about 1 month ago

Updated by Josip Almasi about 1 month ago

Updated by Josip Almasi about 1 month ago

Updated by Josip Almasi 27 days ago