Documentation for RP Initiated Logout, and Index Session Deletion from Redis, when session naturally expires #3190
Labels
Comments
dreamstar-enterprises
added
status: waiting-for-triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
My Spring BFF sort of almost works (I'm now in month 3 of trying to create a robust login page).
Explicit Logout
When I explicity logout, the following function gets called, and so the session is deleted from (i) namespace > sessions, (ii) namespace > sessions > expires, (iii) namespace > sessions > session id > idx, (iv) and namespace > sessions > expiration (sorted set)
https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/BFF/src/main/kotlin/com/frontiers/bff/auth/handlers/SessionServerLogoutHandler.kt#L40
Which calls this and this:
https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/BFF/src/main/kotlin/com/frontiers/bff/auth/sessions/SessionControl.kt#L51
https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/BFF/src/main/kotlin/com/frontiers/bff/auth/sessions/SessionControl.kt#L53
Which calls this and this:
https://github.com/spring-projects/spring-session/blob/main/spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java#L162
https://github.com/spring-projects/spring-session/blob/main/spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java#L100
Which both ultimately call this:
https://github.com/spring-projects/spring-session/blob/main/spring-session-data-redis/src/main/java/org/springframework/session/data/redis/ReactiveRedisIndexedSessionRepository.java#L387
The 4 delete methods in here get called
https://github.com/spring-projects/spring-session/blob/main/spring-session-data-redis/src/main/java/org/springframework/session/data/redis/ReactiveRedisIndexedSessionRepository.java#L391
The following also gets called to do an RP Initiated Logout (to end the session that exists with the Auth0 Authorization server too)
https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/BFF/src/main/kotlin/com/frontiers/bff/auth/handlers/SessionServerLogoutHandler.kt
https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/BFF/src/main/kotlin/com/frontiers/bff/auth/handlers/oauth2/OAuth2ServerLogoutSuccessHandler.kt
Natural BFF session expiration
But how do I do the above, when the BFF session reaches its natural expiration time.
When this happens Redis still leaves the following
Also the Auth0 session is never logged out from (so if the person logs in again via the Spring BFF, and the Auth0 session is still valid, and it will silently login without showing the Auth0 login page)
The text was updated successfully, but these errors were encountered: