Fork me on GitHub
#ring
<
2022-07-08
>
deep-symmetry01:07:49

Hello, everyone! I am seeing some strange behavior with jdbc-ring-session (using the ring-undertow-adapter and I am wondering if anyone might be able to help me explain and fix it, since I was up way past my bedtime to no avail last night. I have my cookies set to expire far in the future, and my browser is sending them just fine, and the session works great as long as my Clojure application stays up. I can see the row in the database, and I can see my browser sending the cookie. So far so good. (edited) But if I shut down the REPL/JVM, or run stop followed by start, the database entry for my session remains fine, but upon the next HTTP request from my browser (which still includes the right cookie), the session shrinks in the database (I assume it’s replaced by an empty session map) and I am confronted with the login page. Once I log in again, the session in the database grows back to the size it had before I bounced the server, and I regain access to the pages requiring authentication until I next bounce the server. Most peculiar! Where might I find the code that is clearing out sessions when receiving a new request after a server restart? I don’t want this, I want my sessions to last effectively forever. In case it helps, the code is at https://github.com/brunchboy/shade, and it is an application that will let me control my automated blinds from anywhere without paying the monthly highway robbery subscription the manufacturer wants for that capability, as well as letting guests control them in appropriate rooms, and will grow to have really cool visual features where you can set them by clicking on a photo of the room, and I will composite photos I took of the blinds in different configurations to show you the current state of the room.

wevrem02:07:11

Are you expecting the session to persist after a server restart and it's not? What do you mean by “the session shrinks”? Is the session after the login the “same” as before? Or is it an entirely new session? Instead of a server restart can you test manually deleting the database entry and see if it is restored from the cookie on the next request? I don't really have an answer, I'm just giving you the same questions I would ask myself to get started debugging.

deep-symmetry04:07:55

Your questions make perfect sense to me! 🙂 What I mean by “the session shrinks” is that the byte size of the opaque binary value in Postgres drops; I would not expect it to change at all from just trying to load the page I was on. I am not certain of the actual contents, because I don’t know how to mentally parse a binary nippy column. I expect that if I delete it from the database I will end up in a similar state, let me try. My cookie stores only the session id, not any of its contents.

deep-symmetry04:07:21

OK, that is strange. When I delete the session from the database and reload the page, I am still logged in. So the session middleware is not hitting the database again.

deep-symmetry04:07:37

This is starting to look to me as though the middleware is only writing to the database, and never reading values from it.

deep-symmetry04:07:27

And I can confirm that even though the database row stays there when I stop and restart the server, my session is nil after a server restart.

wevrem13:07:39

Something else to consider is how often do you expect this to happen? Are you going to be restarting the server that often, and is it seldom enough that requiring re-login is okay?

deep-symmetry16:07:07

I don’t see why that is something to consider at all, @UTFAPNRPT? The entire point of having installed and configured the JDBC session adapter is so that sessions are in the database and survive past a server restart. If I did not want that, I could just use in-memory sessions and be done with it. I am asking how to make database-backed sessions work at all. If they don’t work, there is no value to that project’s existence. There must be a way to make them work.

wevrem17:07:21

Well, one reason to use a database (and it seems to be the main one for you) is to persist sessions through a restart, yes. But it’s not the only one. There are others: performance, multiple servers, custom session logic. And some might want to use a database for those benefits but still want sessions not to persist, because then restarting the server is a simple way to invalidate existing sessions. I don’t use sessions that way (I go with JWT instead), so I can’t help you further, but I wish you luck.

deep-symmetry18:07:53

Right, in my case performance isn’t an issue, nor will there be multiple servers; this is a home project, for us and our friends/guests/pet sitters. My only goal in using a database is to have sessions survive server restarts. Anyone have any ideas who might know how to make that happen with this JDBC session implementation?

deep-symmetry19:07:00

I opened an issue on the jdbc-ring-session repository and yogthos was kind enough to identify the problem. Somehow in following the sample code I had ended up with two session wrappers that were battling each other. Getting rid of the extra one made things work the way I had intended. Here are the details if anyone is struggling with something similar: https://github.com/luminus-framework/jdbc-ring-session/issues/19