Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Session Bug in SubDomain #965

Closed
chengyumeng opened this issue Apr 4, 2018 · 0 comments
Closed

Session Bug in SubDomain #965

chengyumeng opened this issue Apr 4, 2018 · 0 comments

Comments

@chengyumeng
Copy link
Contributor

chengyumeng commented Apr 4, 2018

Hi, when I was developing with iris, I discovered that there is a problem that the online environment cannot recurrent in the storage environment and development environment. That is, there is no way for the online environment to achieve real user exit. The differences between the online environment and the returning environment are: 1. The online environment is two instances on k8s(pods), and the stage environment is only one; 2. The online environment is using domain name, for example: https://chengyumeng.github.com (note, not the root domain name), and the stage environment uses IP.

According to my research on the iris code, it is found that the session storage of iris only operates from the instance memory, and does not go back to the backup storage (for example, redis, mysql, etc.) each time. As a result, the session between multiple instances is not shared. However, iris official does not think this is a bug, but a feature, although I think that the official should provide a switch to choose whether to read from memory or multi-instance shared redis, but if the official does not think this is a problem that needs to be solved, I will subsequently develop a third-party session module to help users achieve this requirement. (This part is discussed in: https://github.com/kataras/iris/issues/885 talk a lot, I'm not talking about words)

The second problem I found was probably an iris bug. During the deletion of the session, the second-level domain name was not considered (in fact, the second-level domain name was processed during the COOKIE update). I copied this part of the code, used in the delete COOKIE logic.

No new unit tests have been added.Please review my PR:#964

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants