How to implement worklight server side serverSessionTimeout? - single-sign-on

I am trying to implement serverSessionTimeout in worklight server. I enabled serverSessionTimeout=5 and sso.cleanup.taskFrequencyInSeconds=5 in worklight.properties but no luck. We have a user db entry for each user login. Ideally it should remove the user db entry once the session reaches 5 minutes, but I am not able to clean the user db entry from the server side. I would appreciate it if anybody could help me with this.

As Iddo mentioned in the comments:
sso.cleanup.taskFrequencyInSeconds is related to an entirely different feature.
serverSessionTimeout instructs the application server to invalidate sessions after the specified amount of time, but the actual cleanup can occur at the application server's discretion (see jaalger2's answer in this question).
So in order to control the session, you need to set up the values to your liking. After that, simply let the application server handle the memory threads.
Is there any particular reason why after the above you also need to access the database and delete rows from it? This should be handled automatically, not "manually".

Related

WSO2 Postgres db locking for long time

We're running into WSO2 Identity Server issues where the Admin (Carbon console) user and normal users (Service provider) are unable to log in and basically cannot do any operations.
Upon looking into the logs, we found that it's because the Postgres db is getting blocked in one specific scenario, which we were able to figure out as mentioned below:
Whenever a SCIM2 GROUP PATCH request is made to add a group member who is already present in the same group, and the group member count is high, the database gets blocked.
This isn't a valid scenario, which we later handled at our application end to not add the same group member (also, opted for the SCIM2 Bulk API as it won't return all members back, to improve performance). But now we're not sure if we won't run into such issues again. Sometimes we have to restart the server.
So I wanted to know if there are known solutions for such issues. Is there any way we can reduce DB blocking time?
IS v5.10.0

How can I run server-side realtime database queries

I am using Firebase's Realtime Database.
I am able to use my old device and permanently keep it on for checking if the host has left a party to therefore notify the users. However, this is inconvenient and there must be a simple server side solution.
I know how to code it (using .observe etc.) but I don't know where to run the code. The code will be on a loop to check if a host has left every 10 seconds (this is because the host may run out of battery so the database is not notified). Can I simply run it in functions somehow? Or using hosting?
The server code will send a request to the host, and if there is no response, the party has therefore been closed so it will tell the users.
Any help or pointers in the right direction are greatly appreciated.
If you have any questions, please ask!
It's not related to iOS. Put your initial code into the viewDidLoad or init methods (depending on how you write the code) and forget about it. Those methods are called once per instance. For now Firebase works fine for your use case. At least I don't have any weird updates on the observe method. Also, you can specify what exactly you want to observe in Firebase (something like the new or last 15).
The solution to this was that even if the user left the app, they would still be in the party. I used user defaults so it can remember if the user was in a party so it can return them.
I also used Realtime Database triggers which can remove all information about a user with one action in the app (so all data gets removed, and not left behind, which would create a waste of unusable database memory).

Change value after period of time in Firebase

I have a lobby in which I want the users to be in sync. So when a user turns off his internet while the app is running, he should be removed. I know Firebase does not support server side coding, so the coding needs to be client side. The answers from How to delete firebase data after "n" days and Delete firebase data older than 2 hours do not answer this question since they expect that the user is online and has an internet connection. So my question is if it is possible to delete users when they have no internet? I thought maybe it is an idea to let the users update a value every 5 seconds, and when that update is not done, the other users in that lobby remove the player. This way is not good, since every player needs to retrieve and upload a lot of data every 5 seconds. What is the best way to solve this?
Edit: to make it short, let's say each user has an image. The image should be green when the user is connected, and grey when disconnected.
Edit 2: after thinking it over, it is really hard to accurately present the connected users on a client-side server. That is why, if nobody has a different solution, I should add another server which can execute server-side code. Because of the large amount of servers, I would like to know which server I should use. The server should run a simple function which only checks if the users are connected or disconnected and can communicate with Firebase. If I am correct it should look like this:
But the server also needs to communicate with the users directly. I have absolutely no idea where to start.
If I'm not completely wrong, you should be able to use onDisconnect.
From the Firebase documentation:
How onDisconnect Works:
When an onDisconnect() operation is established, it lives on the Firebase Realtime Database server. The server checks security to make sure the user can perform the write event requested, and informs the client if it is invalid. The server then monitors the connection. If at any point it times out, or is actively closed by the client, the server checks security a second time (to make sure the operation is still valid) and then invokes the event.
In an app in production I'm using onDisconnectRemoveValue, and when I close the app, the user removes himself from the lobby. Not sure how it works when you put the device in airplane mode, but from the documentation it seems there should be no problem.
One thing: when you test it, better do it on a real device; the simulator has issues with turning it off and on, at least the one I have installed.
Edit: So I checked the onDisconnect when you put the device in airplane mode and it works! The thing is that it removes the user in about 1:30 min, approximately, so if you read the documentation or ask the support, you may be (and only may be) able to find a way to set the time you want.

Why is my mongodb collection deleted automatically?

I have a MongoDB client in three EC2 instances and I have created a replica set. Last time I had a problem of space constraints which stopped my mongod process, thereby halting the application, and now, in an instance a couple of days back, some of my tables were gone from the database, so I set up logging and all on my database just to catch if anything like that happens again. In a fresh incident this morning I was unable to log in to my system and that's when I found out that the whole database was empty. I checked other SO questions like this which suggest setting up a TTL, which I haven't done at all.
Now how do I debug this situation and do a proper root cause analysis? I can't find anything in my debug logs either. The tables just vanished. How do I set up a proper logging mechanism and how do I ensure that all my tables are never ever deleted again?
Today I got a mail from Amazon that I was probably running an unsecured version of MongoDB and that may have caused this issue. So whoever is facing this issue, please go through the Security Checklist provided by MongoDB. There are some points that are absolutely necessary in there.
1. Enable Access Control and Enforce Authentication
2. Encrypt Communication
3. Limit Network Exposure
These three are the core and depending upon how many people access your database you can Configure Role-Based Access Control.
These are all the things I have done. Before this incident I had not taken security that seriously, but after I was hit by it, I made sure I have all the necessary precautions in place.
Hope this helps someone.
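
A check for the three core checklist items above, as an added example that is not from MongoDB or from the original post: it takes a mongod configuration already parsed into an object and reports which items are missing. The function name and both sample configurations are constructed for the illustration; `security.authorization`, `net.tls.mode`, `net.bindIp` and `net.bindIpAll` are mongod configuration file options.

```javascript
// Audit a parsed mongod.conf object against the three core checklist items.
// auditMongodConfig is a hypothetical helper written for this example.
function auditMongodConfig(conf) {
  const findings = [];
  const net = conf.net || {};
  const security = conf.security || {};

  // 1. Access control: without authorization, any client that can connect
  //    can read, modify or drop every database.
  if (security.authorization !== "enabled") {
    findings.push("access-control: security.authorization is not 'enabled'");
  }

  // 2. Encrypted transport: only requireTLS rejects plaintext connections.
  const tlsMode = (net.tls && net.tls.mode) || "disabled";
  if (tlsMode !== "requireTLS") {
    findings.push(`encryption: net.tls.mode is '${tlsMode}', not 'requireTLS'`);
  }

  // 3. Network exposure: flag a listener bound to every interface.
  const binds = String(net.bindIp || "localhost").split(",").map((s) => s.trim());
  const wildcard = binds.filter((b) => ["0.0.0.0", "::", "*"].includes(b));
  if (net.bindIpAll === true || wildcard.length > 0) {
    findings.push("exposure: mongod listens on all interfaces");
  }
  return findings;
}

// Constructed sample configurations (addresses and paths are placeholders).
const exposed = { net: { port: 27017, bindIp: "0.0.0.0" } };
const hardened = {
  net: {
    port: 27017,
    bindIp: "127.0.0.1,10.0.1.15",
    tls: { mode: "requireTLS", certificateKeyFile: "/etc/ssl/mongod.pem" },
  },
  security: { authorization: "enabled", keyFile: "/etc/mongod/replset.key" },
};

console.log(auditMongodConfig(exposed));  // three findings
console.log(auditMongodConfig(hardened)); // no findings
```

A specific bind address only limits which interfaces mongod listens on; the EC2 security group still has to restrict which hosts can reach the port.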

How express-session manages its session storage?

Let's imagine that my node.js+express+socket.io server with express-session middleware is using mongoDB as storage ('connect-mongo') with maxAge of session set to null (i.e. the cookie lasts as long as the user's browser is open), and now this server is completely down.
Ages are passing by and in a new century, while Earth is being torn apart by Zombies, Werewolves and Alien Invaders, a bunch of insanely brave scientists discover intact remnants of my server and boot them up.
So, by this time many (if not all) clients' browsers were closed and cookies cleaned. If one of those clients connects to my server, the server will discover that he (the client) is not presenting any valid cookie and will make a new one for him.
Now - the part in which I'm interested - what happened with those old sessions stored in connect-mongo storage? Obviously the server wasn't able to clean them up while it was down, and now they will just hang as dead cargo in DB storage? Or is there some mindblowing magic behind it, that will, after server reboot, somehow 'know' that those users ended their sessions long ago, while the server was down, and will clean everything up accordingly?
express-session doesn't enforce any clean-up behavior for its stores (at least I didn't see any evidence of that in the source code). However, stores may certainly clean up stale sessions. For example, from the connect-mongo documentation:
By default, connect-mongo uses MongoDB's TTL collection feature (2.2+) to have mongod automatically remove expired sessions. But you can change this behavior.
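
What that TTL behaviour means for the scenario in the question, as an added sketch that is not connect-mongo's or express-session's code: it models a store writing an `expires` date on each session document and the database's TTL monitor deleting documents whose date has passed. The 14-day fallback for cookies without `maxAge`, the function names and the sample sessions are assumptions made for the illustration.

```javascript
// Simplified model (not connect-mongo's code) of TTL-based session cleanup.
const DAY_MS = 24 * 60 * 60 * 1000;
const FALLBACK_TTL_MS = 14 * DAY_MS; // assumed fallback when the cookie has no expiry

// Expiry date a store would write on the session document.
function expiryFor(session, nowMs, fallbackTtlMs = FALLBACK_TTL_MS) {
  const cookieExpires = session.cookie && session.cookie.expires;
  // maxAge: null gives a browser-session cookie with no expiry date,
  // so the store has to fall back to its own TTL.
  return cookieExpires ? new Date(cookieExpires) : new Date(nowMs + fallbackTtlMs);
}

function storeSession(collection, id, session, nowMs) {
  collection.set(id, { session, expires: expiryFor(session, nowMs) });
}

// Model of one pass of the database's TTL monitor over a TTL index on
// `expires`: every document whose date has passed is deleted.
function ttlSweep(collection, nowMs) {
  const removed = [];
  for (const [id, doc] of collection) {
    if (doc.expires.getTime() <= nowMs) {
      collection.delete(id);
      removed.push(id);
    }
  }
  return removed;
}

// Constructed sample data: two sessions written just before the outage.
function demo() {
  const t0 = Date.UTC(2024, 0, 1);
  const sessions = new Map();
  storeSession(sessions, "browser-session", { cookie: { expires: null } }, t0);
  storeSession(sessions, "one-hour", { cookie: { expires: new Date(t0 + 3600 * 1000) } }, t0);

  // The web server is down, but the database still sweeps one day later.
  const afterDay = ttlSweep(sessions, t0 + DAY_MS);
  // Everything is booted again a century later: the first sweep clears the rest.
  const afterAges = ttlSweep(sessions, t0 + 100 * 365 * DAY_MS);
  return { afterDay, afterAges, remaining: sessions.size };
}

console.log(demo());
```

The cleanup is driven by dates stored in the database, not by the web server's memory, so no state from before the outage is needed to remove the stale sessions.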