Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Nicolas Ritouet
    @NicolasRitouet
    ok
    Andrei Alecu
    @andreialecu
    and mongo actually has a timetolive feature which can delete records automatically http://docs.mongodb.org/manual/tutorial/expire-data/
    Andrei Alecu
    @andreialecu
    https://github.com/deployd/deployd/pull/486/files merge this when you can, I'm reworking it so for the sake of history and potential rollbacks to it, it should be there since it's a pretty critical fix
    Nicolas Ritouet
    @NicolasRitouet
    @andreialecu done
    Andrei Alecu
    @andreialecu
    I'm 99% done with the refactoring of sessions to not create one on every request
    and I added expiration
    I'm adding invalidation on username and password change
    and will push soon
    all tests pass and I tested in my app and it looks good
    Eric Fong
    @ericfong
    If only store a userId into the session is possible.
    Andrei Alecu
    @andreialecu
    we could, but you lose the capability of controlling sessions from the server
    say you want only 2 simultaneous sessions ever per user, you can do that if you store the sessions on the server
    with this MAC based approach that's pretty much impossible, although it does look like a good idea, I think in general it's mostly suitable for api-to-api (machine to machine) code
    not as much for browser (user) to api
    but we can mull it over, maybe provide it as an option in the future
    I'm done with my session changes, even invalidation of previous sessions on user/password change works
    Eric Fong
    @ericfong
    I have not tried something like that too. But stateless scale well. We may need redis for session and websocket pub/sub
    Great !
    Andrei Alecu
    @andreialecu
    deployd/deployd#489
    well, here it is
    if you have an app to test it on, it would be a good idea :)
    all tests pass, I added another, and it seems to work great in my app so far, but need a second pair of eyes
    Andrei Alecu
    @andreialecu
    @ericfong regarding stateless login, also read here: http://security.stackexchange.com/questions/49145/avoid-hitting-db-to-authenticate-a-user-on-every-request-in-stateless-web-app-ar -> the logout issue in particular is of concern
    Eric Fong
    @ericfong
    Thx. Looks like bigger problem then help
    Nicolas Ritouet
    @NicolasRitouet
    hey guys
    what’s your point of view for the 0.8 version? Which PR should be merged before releasing?
    Nicolas Ritouet
    @NicolasRitouet
    @/all
    Eric Fong
    @ericfong
    One more bug fix for script.js deployd/deployd#493
    :smile:
    Andrei Alecu
    @andreialecu
    that's not good @ericfong
    I doubt tests will pass once you do that, at least not the promise PR I made
    and add then finish right one after the other doesn't really make much sense really :)
    might as well just remove finishcallback it's the same thing :)
    for sure however that the promise stuff will be broken by this, it expects that callback to actually call the finishcallback event
    they'll be out of sync otherwise
    Eric Fong
    @ericfong
    Mmm, this PR seems stupid to me too. Just found the bug.
    And not sure why originally need the finishcallback.
    Andrei Alecu
    @andreialecu
    to inject as the last parameter of a domain function
    it's a callback function
    I don't see if it was actually ever used, I only started using it for promises
    that code path
    Eric Fong
    @ericfong
    If the promise PR can consider the call_a_async_func_without_callback_and_promise will be great. And I can close my PR
    I will call dpd.email.post({DATA}) without waiting for the email done.
    Andrei Alecu
    @andreialecu
    if you merge my promise PR
    that will work
    already
    I already handled that stuff there
    Eric Fong
    @ericfong
    Yes. Shall we consider Promise PR as a fix instead of feature and launch that with 0.8?
    Then my PR is duplicated (The unit test can be kept)
    Nicolas Ritouet
    @NicolasRitouet
    what about this PR: deployd/deployd#489
    0.8 or 0.9 ?