Text only | Text with Images

ElkArte Community

Elk Development => Feature Discussion => Exterminated Features => Topic started by: emanuele on June 16, 2016, 05:11:54 pm

Title: keepalive
Post by: emanuele on June 16, 2016, 05:11:54 pm
I always wondered why there is this "feature" that is coded to call the serve every so often (1200 seconds, 20 minutes), so this evening I decided to dig and try to understand.
Going back to the SMF pre-1.0 code, the first commit message related to that code is:
Quote! Added a Cache-Control header after the session_start() call although I don't really like it. * Added session keep-alive code so that your session shouldn't time out while posting.
and the javascript timeout was set to 600 seconds.

If I got this right, the problem would be posting times or any kind of "action" running for more than 20 minutes could result in a session timeout.
The session is deleted from the database if no activity is detected in "databaseSession_lifetime" or 60 seconds.
The install value of databaseSession_lifetime is 2880 that corresponds to 48 minutes.

A couple of thoughts.
1) 20 minutes of POSTing is likely to fail on most of the "normal" servers. Let alone 48.
2) To generate a POST longer than 20 minutes you have to upload... with my (not that fast) connection about 35MB. Yes, nowadays file are big, but that big would choke most of the servers anyway and would fill up all the space in no time.
3) ...I forgot about it.

So, do you think I got it right?
What would you say if a pull request come up removing it? O:-) <= hypothetical question of course :P
Title: Re: keepalive
Post by: live627 on June 16, 2016, 07:35:24 pm
posting vs POSTing, there is a difference.
Title: Re: keepalive
Post by: emanuele on June 17, 2016, 03:31:03 am
You mean 20+ minutes on the post page?
I didn't think about that, good point...

meh. I have to find another way to get rid of that fake image in index.php then. :P
Title: Re: keepalive
Post by: Ant59 on June 17, 2016, 04:59:40 am
I'm sure I'm being naive here, but why does the session need to be kept alive? Is it not enough to validate the session cookie upon submitting the post?
Title: Re: keepalive
Post by: emanuele on June 17, 2016, 05:52:18 am
The session lives in the database for about 48 minutes, then it is removed.
If you are writing a post and it takes you more than 48 minutes to write it, the checkSession security function will find no session and raise an "your session timeout" error.
True that this is a non-fatal error, so you'd just have to re-post the message, but some people my not notice the fact and "lose" the post, and maybe later complain that the post was removed/not posted.
Title: Re: keepalive
Post by: Joshua Dickerson on June 18, 2016, 03:58:58 pm
I don't see a reason to remove it
Title: Re: keepalive
Post by: Vekseid on July 03, 2016, 06:40:26 am
The proper fix for this would be to have a two-stage posting process where you first fetch a fresh session token.
Text only | Text with Images