These are chat archives for deployd/contributors

15th
Jan 2015
Andrei Alecu
@andreialecu
Jan 15 2015 15:46
@ericfong or @NicolasRitouet , if you have production apps can you check db.sessions.stats()
the session handling in deployd is so rudimentary at this point that the table grows indefinitely and can even create a new session on every request without ever deleting any of them
deployd/deployd#314
I have 7451 sessions in mine without any actual production so far, just my testing
Nicolas Ritouet
@NicolasRitouet
Jan 15 2015 16:52
"count" : 11803
but I have something like 5 users using the app almost everyday
Andrei Alecu
@andreialecu
Jan 15 2015 16:57
there is a huge issue in the code where if you don't resend the sid cookie that was first generated it will create a new session every time
Nicolas Ritouet
@NicolasRitouet
Jan 15 2015 16:57
ok
Andrei Alecu
@andreialecu
Jan 15 2015 16:57
this is especially possible across servers with CORS
for example the $http object in angular needs an extra flag passed to it {withAuthentication: true}
otherwise the cookie is not sent by default, thus creating sessions on every single request
it's also impossible now to log out a user without deleting the session from mongo directly, they never expire
once logged in you'll be logged in forever
Nicolas Ritouet
@NicolasRitouet
Jan 15 2015 16:59
:worried:
Andrei Alecu
@andreialecu
Jan 15 2015 16:59
if you change the username or password, that still doesn't log the session out
you have to change the user id to invalidate a session, that's the only way
Nicolas Ritouet
@NicolasRitouet
Jan 15 2015 17:01
ok
I have to go, we can talk about that later