There isn't a standard way to free a authentication session. I want to propose a new operation called "close" which would basically do a logout of the authentication token. There would be no request body:
Lets name it kill like in linux. I am joking close is fine. Much needed feature.
Jay HerronFri 18 Feb 2022
Sounds like a great idea!
Richard McElhinneyWed 23 Feb 2022
I think I'm missing something, there's no authentication token header in your example so I can't tell how this would work.
Good catch, I updated my example with the authorization header
Also, I thiink this Op should be marked as optional not mandatory in the standard REST API as I'm not sure how we can support this in Niagara. I can work with Eric to investigate this but I wouldn't want to see a definite mechanism adopted that can't be broadly supported.
While we have lived without this, I think it needs to be required - especially for Niagara. We've seen countless times that without very careful reuse of the session token/cookie its very easy to leak sessions and cause Niagara to run out of RAM when running on a JACE. This would be another tool to help clients do the "right" thing and notify the server when they are done processing. I'm sure there is an easy way to do it Niagara (even if you have to use a loopback connection to some logout URI)
Brian Frank Thu 17 Feb 2022
There isn't a standard way to free a authentication session. I want to propose a new operation called "close" which would basically do a logout of the authentication token. There would be no request body:
Chris Breederveld Thu 17 Feb 2022
+1
Alper Üzmezler Fri 18 Feb 2022
Lets name it kill like in linux. I am joking close is fine. Much needed feature.
Jay Herron Fri 18 Feb 2022
Sounds like a great idea!
Richard McElhinney Wed 23 Feb 2022
Good catch, I updated my example with the authorization header
While we have lived without this, I think it needs to be required - especially for Niagara. We've seen countless times that without very careful reuse of the session token/cookie its very easy to leak sessions and cause Niagara to run out of RAM when running on a JACE. This would be another tool to help clients do the "right" thing and notify the server when they are done processing. I'm sure there is an easy way to do it Niagara (even if you have to use a loopback connection to some logout URI)