Session expiration

Erik,

After running this by engineering, Lee was able to provide some valuable insight that is a temporary fix for the session expiration issue. Know that this is no “fix” for this in release 1.6, but a real fix will come in 2.0 when we re-write session handling.

But you can get it to work using the default session and the “duration” url parameter on login. Here is what you have to do (which I assume will not be ideal for clients because it deals with cookies).

This currently works by setting a "duration" field greater than 0 (default) in the login request as below (the launchpad checkbox currently sets the duration = 3600 * 24 * 30 i.e. 30 days).

curl -i -k -3 -X POST http://localhost/rest/user/session \
 -H "X-DreamFactory-Application-Name: todojquery" \
 -d '{ "email" : "test@dreamfactory.com", "password" : "Password123", "duration": 3600 }'

The -i option above dumps response headers. You will see that the server is setting the session cookie as well as an additional hashed cookie that can be used to “re-create” the session later after it “expires”. Notice the “expires” value.

Set-Cookie:PHPSESSID=ediaffcjdlukhi9jflpntl7ch3; path=/
Set-Cookie:279d658aeca916be9eda1385aac9b2fd=94cdd89f843b42d076b701ca53c6f81d00d8cc6fa%3A4%3A%7Bi%3A0%3Bi%3A11%3Bi%3A1%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3Bi%3A2%3Bi%3A3600%3Bi%3A3%3Ba%3A6%3A%7Bs%3A12%3A%22display_name%22%3Bs%3A9%3A%22Rob+Hicks%22%3Bs%3A5%3A%22email%22%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3Bs%3A10%3A%22first_name%22%3Bs%3A3%3A%22Rob%22%3Bs%3A9%3A%22last_name%22%3Bs%3A5%3A%22Smith%22%3Bs%3A8%3A%22password%22%3Bs%3A60%3A%22%242a%2413%24x6bj8fWK4owneNoi0WcaUOkyIZVjdetb4VJUYyGRSKrTKm1tt0BzK%22%3Bs%3A16%3A%22df_authenticated%22%3Bb%3A0%3B%7D%7D; expires=Wed, 11-Jun-2014 13:03:06 GMT; path=/

While we recommend using the X-DreamFactory-Session-Token in following calls after the login, which works until the aforementioned garbage collection runs, it will not work indefinitely due to the current header processing. So calls like this…

curl -i -k -3 -X GET http://localhost/rest/db/todo \
 -H "X-DreamFactory-Application-Name: todojquery" \
 -H "X-DreamFactory-Session-Token: o4h6bfel1hmslti69e2880ia17"

Will eventually give you the “No valid session” error. What does work is to send the cookies (both of them) generated from the above login, but not the X-DreamFactory-Session-Token which overrides this behavior.

curl -i -k -3 -X GET http://localhost/rest/db/todo \
 -b "PHPSESSID=onp2sanr1o4sjc41p66b1sgmv6; 279d658aeca916be9eda1385aac9b2fd=94cdd89f843b42d076b701ca53c6f81d00d8cc6fa%3A4%3A%7Bi%3A0%3Bi%3A11%3Bi%3A1%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3Bi%3A2%3Bi%3A3600%3Bi%3A3%3Ba%3A6%3A%7Bs%3A12%3A%22display_name%22%3Bs%3A9%3A%22Rob+Hicks%22%3Bs%3A5%3A%22email%22%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3Bs%3A10%3A%22first_name%22%3Bs%3A3%3A%22Rob%22%3Bs%3A9%3A%22last_name%22%3Bs%3A5%3A%22Smith%22%3Bs%3A8%3A%22password%22%3Bs%3A60%3A%22%242a%2413%24x6bj8fWK4owneNoi0WcaUOkyIZVjdetb4VJUYyGRSKrTKm1tt0BzK%22%3Bs%3A16%3A%22df_authenticated%22%3Bb%3A0%3B%7D%7D; expires=Wed, 11-Jun-2014 18:09:05 GMT; path=/" \
 -H "X-DreamFactory-Application-Name: todojquery"

This causes the session to be regenerated (though it doesn’t seem to have everything stored in it as we do on login) and processes the call as normal.

Logout kills the duration cookie and the session expires and is garbage collected…

curl -i -k -3 -X DELETE http://localhost/rest/user/session \
 -H "X-DreamFactory-Application-Name: todojquery" \
 -H "X-DreamFactory-Session-Token: o4h6bfel1hmslti69e2880ia17"

Date:Wed, 11 Jun 2014 12:23:20 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=100
Set-Cookie:279d658aeca916be9eda1385aac9b2fd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

Hopefully, this clears things up for you until there is a permanent fix for this issue which will be in a future release (2.0) - Have a good one, Erik!

  • Mark
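An added example, not part of the post above and not DreamFactory code: it decodes the duration cookie from the Set-Cookie header in the post so you can audit what the browser is being asked to store. It assumes the leading 40 hex characters are the hash the post mentions and that the rest is a PHP-serialized array using only the i, b, s and a types; the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Duration cookie value copied from the Set-Cookie header in the post above.
DURATION_COOKIE = (
    "94cdd89f843b42d076b701ca53c6f81d00d8cc6fa%3A4%3A%7Bi%3A0%3Bi%3A11%3Bi%3A1%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3B"
    "i%3A2%3Bi%3A3600%3Bi%3A3%3Ba%3A6%3A%7Bs%3A12%3A%22display_name%22%3Bs%3A9%3A%22Rob+Hicks%22%3B"
    "s%3A5%3A%22email%22%3Bs%3A20%3A%22lee%40dreamfactory.com%22%3Bs%3A10%3A%22first_name%22%3B"
    "s%3A3%3A%22Rob%22%3Bs%3A9%3A%22last_name%22%3Bs%3A5%3A%22Smith%22%3Bs%3A8%3A%22password%22%3B"
    "s%3A60%3A%22%242a%2413%24x6bj8fWK4owneNoi0WcaUOkyIZVjdetb4VJUYyGRSKrTKm1tt0BzK%22%3B"
    "s%3A16%3A%22df_authenticated%22%3Bb%3A0%3B%7D%7D"
)

def _parse(s, pos=0):
    """Parse one PHP-serialized value (i, b, s, a only); return (value, next_pos)."""
    tag = s[pos]
    if tag in "ib":                       # i:<int>;  or  b:<0|1>;
        end = s.index(";", pos)
        num = int(s[pos + 2:end])
        return (bool(num) if tag == "b" else num), end + 1
    if tag == "s":                        # s:<len>:"<chars>";  (ASCII assumed)
        colon = s.index(":", pos + 2)
        end = colon + 2 + int(s[pos + 2:colon])
        if s[end:end + 2] != '";':
            raise ValueError("string length does not match content")
        return s[colon + 2:end], end + 2
    if tag == "a":                        # a:<count>:{<key><value>...}
        colon = s.index(":", pos + 2)
        count, pos, out = int(s[pos + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, pos = _parse(s, pos)
            out[key], pos = _parse(s, pos)
        return out, pos + 1               # skip the closing brace
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")

def decode_duration_cookie(raw):
    """URL-decode the cookie and split it into (40-hex hash prefix, payload dict)."""
    m = re.fullmatch(r"([0-9a-f]{40})(a:.*)", unquote_plus(raw), re.S)
    if not m:
        raise ValueError("expected 40 hex chars followed by a serialized array")
    return m.group(1), _parse(m.group(2))[0]

def credential_fields(value, path=""):
    """Return the paths of payload values that look like bcrypt hashes."""
    if isinstance(value, dict):
        return [p for k, v in value.items() for p in credential_fields(v, f"{path}/{k}")]
    is_hash = isinstance(value, str) and re.match(r"\$2[aby]\$\d\d\$", value)
    return [path] if is_hash else []
```

Calling `credential_fields(decode_duration_cookie(DURATION_COOKIE)[1])` on the cookie above returns `/3/password`: the 60-character `$2a$13$` string travels in the cookie next to the email and the 3600-second duration.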