#968 Proposal for HTTP API "close" op

Brian Frank Thu 17 Feb 2022

There isn't a standard way to free an authentication session. I want to propose a new operation called "close" which would basically do a logout of the authentication token. There would be no request body:

POST /haystack/close HTTP/1.1
Authorization: BEARER authToken=xxyyzz
Content-Type: text/zinc; charset=utf-8
Content-Length: 16

ver:"3.0"
empty

Chris Breederveld Thu 17 Feb 2022

+1

Alper Üzmezler Fri 18 Feb 2022

Let's name it kill like in Linux. I am joking, close is fine. Much needed feature.

Jay Herron Fri 18 Feb 2022

Sounds like a great idea!

Richard McElhinney Wed 23 Feb 2022

I think I'm missing something, there's no authentication token header in your example so I can't tell how this would work.

Good catch, I updated my example with the authorization header.

Also, I think this Op should be marked as optional not mandatory in the standard REST API as I'm not sure how we can support this in Niagara. I can work with Eric to investigate this but I wouldn't want to see a definite mechanism adopted that can't be broadly supported.

While we have lived without this, I think it needs to be required - especially for Niagara. We've seen countless times that without very careful reuse of the session token/cookie it's very easy to leak sessions and cause Niagara to run out of RAM when running on a JACE. This would be another tool to help clients do the "right" thing and notify the server when they are done processing. I'm sure there is an easy way to do it in Niagara (even if you have to use a loopback connection to some logout URI).
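
Added example, not part of the thread and not code from any Haystack implementation: a client wrapper that always sends the proposed close op when it is done, run against a constructed in-process stub server so the session table can be seen shrinking. The stub's token table, its 403 reply for a revoked token, and the names `call_op`, `session` and `demo` are assumptions made for illustration.

```python
import http.client, threading
from contextlib import closing, contextmanager
from http.server import BaseHTTPRequestHandler, HTTPServer

LIVE_TOKENS = set()  # constructed session table held by the stub server

class StubServer(BaseHTTPRequestHandler):
    """Constructed stand-in server: the close op revokes the bearer token."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        token = self.headers.get("Authorization", "").partition("authToken=")[2]
        status = 200 if token in LIVE_TOKENS else 403  # 403 is an assumption
        if status == 200 and self.path == "/haystack/close":
            LIVE_TOKENS.discard(token)  # free the session on the server side
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def call_op(port, op, token):
    """POST an op with the empty-grid body shown in the proposal."""
    with closing(http.client.HTTPConnection("127.0.0.1", port, timeout=5)) as conn:
        conn.request("POST", f"/haystack/{op}", b'ver:"3.0"\nempty\n', {
            "Authorization": f"BEARER authToken={token}",
            "Content-Type": "text/zinc; charset=utf-8"})
        return conn.getresponse().status

@contextmanager
def session(port, token):
    """Yield a caller bound to the token; always send close afterwards."""
    try:
        yield lambda op: call_op(port, op, token)
    finally:
        call_op(port, "close", token)  # runs even if the body raised

def demo():
    LIVE_TOKENS.add("xxyyzz")  # constructed token, same placeholder as the post
    with HTTPServer(("127.0.0.1", 0), StubServer) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            with session(server.server_port, "xxyyzz") as call:
                during = call("about")  # token is live inside the block
            return during, call_op(server.server_port, "about", "xxyyzz")
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```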
