Using the API, max sessions reached


  • Using the API, max sessions reached

    Hi, I've written a PHP class to connect with the HTTP API, and most things work smoothly. But it seems that logging out from a session does not remove the session. After several logins, checking for new email, logging out, I eventually get this error on attempting to log in:
    Max. session size for user %1$s in context %2$s

    I don't want to increase the number of sessions allowed, I would rather find a way to clear all sessions for a user through the API, or ideally logging out using an ox_session identifier would automatically remove the session, but it seems not to.

    Any ideas?

    Greg

  • #2
    Hi,

    clearing all sessions is not possible. It would also affect sessions initiated by other clients (browsers, mobiles...). Your script has to close the session that it opened on every usage. OX logs login/logout on loglevel INFO so you can use this to debug the script for missing or incorrect logout calls.

    Greetings



    • #3
      Thanks. I am logging out, but the curl call returns no error (returns nothing at all) so I assumed that logging out would close the session.

      Greg



      • #4
        Hi Greg,

        of course, the logout call terminates the session provided by the logout call. Could you give an example of the logout call you do? Keep in mind to send mandatory parameters like sessiond and cookies.

        Greetings



        • #5
          Logging in with:
          PHP Code:
            // Log in and return the session id; cookies are stored in $cookieFile.
            function login($user,$pass,$cookieFile){
              $ch = curl_init('http://domain.com/ajax/login?action=login&name='.$user.'&password='.$pass);
              curl_setopt($ch, CURLOPT_HTTPGET, 1);
              curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
              curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
              curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);

              $results = curl_exec($ch);
              $results = json_decode($results);
              curl_close($ch);

              $ox_session = $results->session;
              return $ox_session;
            }
          Then at the end, log out with:
          PHP Code:
            // Log out the given session, reusing the cookies stored at login.
            function logout($session_id,$cookieFile){
              $ch = curl_init('http://domain.com/ajax/login?action=logout&session="'.$session_id);
              curl_setopt($ch, CURLOPT_HTTPGET, 1);
              curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
              curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
              curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);

              $logout = curl_exec($ch);

              $results = json_decode($logout);
              curl_close($ch);
            }
          Greg



          • #6
            I keep trying to paste the code how I log out, but it won't show up as a post. I get a message that the moderator needs to approve it.

            I am attaching it as a text file. Hope that works.

            Greg


            • #7
              In the log I see this for the login:

              Dec 15, 2010 9:05:04 AM com.openexchange.login.internal.LoginPerformer logLoginRequest
              INFO: Login:gregt AuthID:8e2a7a62f1344022a7e6de669a7f7816 Agent:null Client:null(null) Interface:HTTP_JSON Context:1(1,CGI-OX,defaultcontext) User:11(gregt) Session:2e63b8af1b1144eab1579e94590c9c86

              but no corresponding entry for the logout. You can see the api call I am making in the txt file above.

              Greg



              • #8
                Yes, the API calls seem to be okay, but perhaps the script does not call the logout function properly in any case?



                • #9
                  What's that double quote doing there?
                  Code:
                  function logout($session_id,$cookieFile){
                  	$ch = curl_init('http://domain.com/ajax/login?action=logout&session="'.$session_id);



                  • #10
                    Wtf? What indeed is that double quote doing there ruining my development schedule!!

                    Viktor, I owe you and your sharp eyes a beer! Thank you!

                    Greg

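The stray quote from #5, reproduced as an added example (not code from any poster or from Open-Xchange): it compares what the server decodes as `session` for the concatenated URL with one built by `http_build_query()`, and rejects a malformed id before any request is sent. The host, the helper names and the 32-hex session-id shape (taken from the log line in #7) are assumptions.

```php
<?php
// Added example, not the poster's code. Host and helper names are hypothetical.
const OX_BASE = 'https://ox.example.com/ajax/login'; // placeholder host

// The session id in the log in #7 is 32 lowercase hex characters; treating
// that as the only valid shape is an assumption made for this example.
function assertSessionId(string $id): string
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id)) {
        throw new InvalidArgumentException('malformed session id: ' . var_export($id, true));
    }
    return $id;
}

// Build the query with http_build_query() so every value is percent-encoded
// and no hand-typed delimiter can end up inside a parameter.
function oxUrl(string $action, array $params): string
{
    return OX_BASE . '?' . http_build_query(
        ['action' => $action] + $params, '', '&', PHP_QUERY_RFC3986
    );
}

function logoutUrl(string $sessionId): string
{
    return oxUrl('logout', ['session' => assertSessionId($sessionId)]);
}

// What a server decodes as the "session" parameter of a request URL.
function sessionSeenByServer(string $url): ?string
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    return $query['session'] ?? null;
}

$sid   = '2e63b8af1b1144eab1579e94590c9c86';          // session id from the log in #7
$buggy = OX_BASE . '?action=logout&session="' . $sid;  // concatenation as posted in #5
$fixed = logoutUrl($sid);

// Compare the decoded parameter with the real id for both URLs.
var_dump(sessionSeenByServer($buggy) === $sid);
var_dump(sessionSeenByServer($fixed) === $sid);

try {
    logoutUrl('"' . $sid);   // the same mistake, stopped before any request is made
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The same builder covers the login call in #5, where `name` and `password` are also concatenated into the URL unencoded.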


                    • #11
                      Hi there,

                      I'm having a similar problem. We have developed an easylogin-like page which authenticates users by using the HTTP API. After some intensive testing with the same user we got the same error message as the original poster:

                      Code:
                      Category=8 Message=Max. session size for user 10002 in context 1 exceeded exceptionID=1760325806-2307
                      Some hours later with no activity with that user, the user is unable to login because of the previous error message.

                      Is there any way to make sessions created via HTTP API to automatically expire?

                      Regards.



                      • #12
                        The sessions do expire. But in the latest version, the default expiration time is one week. You can change it in sessiond.properties.



                        • #13
                          Viktor, thank you for your quick reply.

                          To clear up my doubt entirely, sessions created via HTTP API have a duration configured in com.openexchange.sessiond.sessionLongLifeTime and normal sessions have a com.openexchange.sessiond.sessionDefaultLifeTime ms.

                          Am I right?

                          Regards.



                          • #14
                            No. All sessions are the same (the web front-end also uses the HTTP API). sessionDefaultLifeTime controls only when the server throws away all unnecessary data associated with a session, to save memory. After that, a session is mostly only useful for autologin, but AFAIK still counts against the limits.

                            And just to be clear: your actual problem is that you were not logging out. Reducing the session lifetime will effectively make the autologin feature useless for everybody. A configuration change will also require restarting the server, which, unless you can migrate sessions in a cluster, will terminate all sessions anyway.

                            The best solution would be to just create another test user to continue testing (and logging out this time). If you used a real user and need to login again, you can either raise the session count limit, or in the worst case, restart the OX application without migrating the sessions, thereby terminating all sessions. If you use a dedicated test server, then terminating all sessions by restarting the OX is probably the easiest way.



                            • #15
                              Viktor,

                              thank you again for your reply. Our problem is that we have developed a custom login page which doesn't use autologin, and we didn't take into account this issue. We have lowered these values (we're still in the testing stage) to fit our needs.

                              Is there an easy way to achieve autologin on a custom page?

                              Thank you, regards.
