Authorization Failed when sign in on same account from different devices.
marius-carp opened this issue · comments
Hi guys, I have a question. Why does the session expire when I sign in on the same account from different devices?
I keep my session on Redis.
AuthConfigImpl.scala file. Sorry, I can't provide you the full code.
```scala
def resolveUser(token: Id)(implicit ctx: ExecutionContext) = Future.successful {
  // Try the cache first
  val account: Option[AuthEntity] = Cache.getAs[AuthEntity](token)
  if (account.isDefined) {
    Logger.debug("Get User from cache: ")
  } else {
    // Cache miss: load the user from the DB and cache it
    val user = AuthenticateRepository.getConceptUser(token.toInt)
    Cache.set(token, user)
    Logger.debug("Get User from DB")
  }
}

def loginSucceeded(request: RequestHeader)(implicit ctx: ExecutionContext) = Future.successful {
  Redirect(routes.ApplicationController.dashboard())
}

def logoutSucceeded(request: RequestHeader)(implicit ctx: ExecutionContext) = Future.successful {
  Redirect(routes.ApplicationController.index()).withNewSession
}

def authenticationFailed(request: RequestHeader)(implicit ctx: ExecutionContext) = Future.successful {
  Unauthorized(textToJson("Authentication failed"))
}

def authorizationFailed(request: RequestHeader)(implicit ctx: ExecutionContext) = Future.successful {
  Forbidden(textToJson("no permission"))
}

// Role check: Admin may do anything, other roles must match exactly
def authorize(auth: User, authority: Authority)(implicit ctx: ExecutionContext) = Future.successful {
  (auth.user.role, authority) match {
    case (Admin, _) => true
    case (SuperUser, SuperUser) => true
    case (NormalUser, NormalUser) => true
    case _ => false
  }
}
```
Or the problem is from somewhere else? Thank you!
The default implementation expires old sessions when starting a new session.
You can customize this behavior by creating a custom AsyncIdContainer.
However, I strongly recommend that you provide users with a way of invalidating sessions.
Would you see this: #75
Ok. Thank you a lot. Sorry for opening a new issue and not searching for something similar.
No problem :)
Thanks for using play2-auth
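
The two behaviours from the maintainer's reply, as an added example that is not part of the original thread or of play2-auth: a self-contained in-memory model of a token store that either revokes a user's older sessions on login (the default described above) or keeps one token per device while still offering a "log out everywhere" operation. The `SessionStore` class, its method names and the `Demo` values are hypothetical, and session timeouts are not modelled.

```scala
import java.security.SecureRandom
import scala.collection.concurrent.TrieMap

// Hypothetical in-memory model; it does not implement play2-auth's AsyncIdContainer.
final class SessionStore[Id](singleSession: Boolean) {
  private val random       = new SecureRandom()
  private val tokenToUser  = TrieMap.empty[String, Id]
  private val userToTokens = TrieMap.empty[Id, Set[String]]

  // 256-bit random token, hex encoded
  private def newToken(): String = {
    val bytes = new Array[Byte](32)
    random.nextBytes(bytes)
    bytes.map(b => "%02x".format(b)).mkString
  }

  // In single-session mode every older token of the user is revoked first.
  def startNewSession(userId: Id): String = synchronized {
    if (singleSession) invalidateAll(userId)
    val token = newToken()
    tokenToUser.put(token, userId)
    userToTokens.put(userId, userToTokens.getOrElse(userId, Set.empty[String]) + token)
    token
  }

  def get(token: String): Option[Id] = tokenToUser.get(token)

  // Log out one device only.
  def remove(token: String): Unit = synchronized {
    tokenToUser.remove(token).foreach { userId =>
      val rest = userToTokens.getOrElse(userId, Set.empty[String]) - token
      if (rest.isEmpty) userToTokens.remove(userId) else userToTokens.put(userId, rest)
    }
  }

  // "Log out everywhere": revoke every session that belongs to one user.
  def invalidateAll(userId: Id): Unit = synchronized {
    userToTokens.remove(userId).getOrElse(Set.empty[String]).foreach(t => tokenToUser.remove(t))
  }
}

object Demo extends App {
  // Constructed sample: user 42 signs in from two devices.
  val single = new SessionStore[Int](singleSession = true)
  val phone  = single.startNewSession(42)
  val laptop = single.startNewSession(42)
  assert(single.get(phone).isEmpty && single.get(laptop).contains(42)) // first device was logged out

  val multi = new SessionStore[Int](singleSession = false)
  val (a, b) = (multi.startNewSession(42), multi.startNewSession(42))
  assert(multi.get(a).contains(42) && multi.get(b).contains(42))       // both devices stay signed in
  multi.invalidateAll(42)
  assert(multi.get(a).isEmpty && multi.get(b).isEmpty)                 // user-triggered revocation
}
```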