Listing Sessions by User Identifier

Question

Listing Sessions by User Identifier

james-d-elliott opened this issue 3 years ago · comments

I have a feeling it's just going to be more logical to implement this downstream rather than trying to implement it in fasthttp/session, but I figured I'd ask what you think anyway - plus, maybe this idea is really desirable for other users.

Authelia is currently using the memory/redis providers of this lib. Basically what we will be intending to do is give users the ability to lookup their active sessions as well as information about the sessions and optionally destroy them. The complication is that we'd have to store and keep track of ID's belonging to each user which likely is fairly impractical.

My only idea in working around this is to implement additional funcs in the interface, that allow getting a list of session ID's belonging to a specific lookup value, which would also require we add funcs to save with the lookup value. Additionally ideally it would include a specific EncodeFunc to encode the lookup key, though this reasonably can be done locally too.

In the example below GetWithUserIdentifier would return all session data for a given UserIdentifier, GetSessionIDs would return a list of session ID's for a given UserIdentifier to be used with Get, SaveWithUserIdentifer would obviously operate the same as Save except it would include the UserIdentifier which would be required to use the other funcs, DestroyWithUserIdentifier would destroy the given session with the given ID provided the given UserIdentifier matched.

type Provider interface {
	Get(id []byte) ([]byte, error)
	GetWithUserIdentifier(userIdentifier []byte) (sessions [][]byte, error)
	GetSessionIDs(userIdentifier []byte) (ids [][]byte, error)
	Save(id, data []byte, expiration time.Duration) error
	SaveWithUserIdentifier(id, userIdentifer, data []byte, expiration time.Duration) error
	Destroy(id []byte) error
	DestroyWithUserIdentifier(id, userIdentifer) error
	Regenerate(id, newID []byte, expiration time.Duration) error
	Count() int
	NeedGC() bool
	GC() error
}

James Elliott · Answer 1 · Wed Jun 16 2021 09:02:05 GMT+0800 (China Standard Time)

Hey @savsgio just wondering if you had time to look at this? I understand you may not want to implement this locally, but it would be nice to know one way or another, and if you do, would like some direction.

After having thought about this a long while, I think it would make more sense to make it a breaking change as part of v3.

Sergio VS · Answer 2 · Thu Jun 24 2021 22:49:45 GMT+0800 (China Standard Time)

Hi @james-d-elliott,

Lately, I'm very busy with my work.
I promise you that i will think about that in a few days.

Thanks!

Amir Zarrinkafsh · Answer 3 · Thu Aug 12 2021 10:14:17 GMT+0800 (China Standard Time)

@savsgio sorry to bother you, I understand you likely are busy with other priorities.

Some guidance on the above request would be appreciated so we can fully understand our options and plan accordingly.

Sergio VS · Answer 4 · Fri Aug 13 2021 19:16:43 GMT+0800 (China Standard Time)

Hi @james-d-elliott and @nightah,

I understand that you need a composed key for the sessions, the sessionId and userId. Maybe it could be useful but that adds more complexity when you could fix it with a "new table" that relates the sessionIds with userIds, something similar as you describe @james-d-elliott at the beginning.

I'm honestly not sure for this change, because the change could add some complexity that could be fixed with an external tracking.

Sergio VS · Answer 5 · Fri Aug 13 2021 19:19:40 GMT+0800 (China Standard Time)

And sorry for my delayed answer, but i've been very busy lately. 😅

James Elliott · Answer 6 · Thu Aug 19 2021 17:55:24 GMT+0800 (China Standard Time)

Thanks for your reply. Now that I think about it we're most likely better of reimplementing the providers we're using (currently memory/redis), and extending the interface specific to our needs.

As long as our interface implements all the same methods as yours and just adds more, we can just ensure it stores it in a method where we can lookup the values we need!

James Elliott · Answer 7 · Fri Aug 20 2021 12:42:52 GMT+0800 (China Standard Time)

@savsgio is this a sufficient preamble for us to make a nearly exact copy of the providers?

For https://github.com/fasthttp/session/blob/master/providers/memory/provider.go:

// SOURCE: https://github.com/fasthttp/session/blob/cd9080042fc350c0b630c401f43e7d5ecee77882/providers/memory/provider.go
// ORIGINAL LICENSE: MIT https://github.com/fasthttp/session/blob/master/LICENSE https://opensource.org/licenses/MIT
// SUB-LICENCE: All changes are licensed under the Apache-2.0 license https://github.com/authelia/authelia/blob/master/LICENSE
// Changes to the original code prior to the first commit were only aesthetic. All other changes are logged via git SCM.

For https://github.com/fasthttp/session/blob/master/providers/redis/provider.go:

// SOURCE: https://github.com/fasthttp/session/blob/cd9080042fc350c0b630c401f43e7d5ecee77882/providers/redis/provider.go
// ORIGINAL LICENSE: MIT https://github.com/fasthttp/session/blob/master/LICENSE https://opensource.org/licenses/MIT
// SUB-LICENCE: All changes are licensed under the Apache-2.0 license https://github.com/authelia/authelia/blob/master/LICENSE
// Changes to the original code prior to the first commit were only aesthetic. All other changes are logged via git SCM.

Sergio VS · Answer 8 · Mon Oct 11 2021 18:43:59 GMT+0800 (China Standard Time)

Hi @james-d-elliott,

Yes, that's okay!

Sorry for delayed answer.