On Mon, Feb 10, 2014 at 5:49 PM, Isuru Perera <[email protected]> wrote:
> Hi, > > The back end has secured REST endpoints. The CLI is keeping the > authentication details in the memory. AFAIK, the CLI passes the > authentication details for each request. > > I'm not sure about the recent changes for the CLI. > > 1. If the CLI user is authenticated only once, the back end should > maintain a session and clear the session after a certain idle time. > 2. If the CLI user is authenticated for every request, the CLI may > implement a timeout. > > So, I think #2 should be the solution, if there is a real need for a > session timeout. > +1. This is the correct fix in my opinion as well. Rest API should not be keeping any state. AFAIK usually all details required should be passed to the Rest API in each invocation. > > Thanks! > > On Mon, Feb 10, 2014 at 4:43 PM, Pradeep Fernando <[email protected]>wrote: > >> Hi Manula, >> >> CLI is a client side thing. If there are session thing that should be >> handle at the backend right. (?) >> >> >> On Mon, Feb 10, 2014 at 2:20 PM, Manula Chathurika Thantriwatte < >> [email protected]> wrote: >> >>> Hi All, >>> >>> Is it necessary to have $subject, because we are using REST in CLI. So >>> do we need automatically sign out after some idea timeout of the CLI ? >>> >>> >>> -- >>> Regards, >>> Manula Chathurika Thantriwatte >>> Software Engineer >>> WSO2 Inc. : http://wso2.com >>> lean . enterprise . middleware >>> >>> email : [email protected] / [email protected] >>> phone : +94 772492511 >>> blog : http://manulachathurika.blogspot.com/ >>> >>> >>> >>> >> >> >> -- >> Pradeep Fernando. >> http://pradeepfernando.blogspot.com/ >> > > > > -- > Isuru Perera > Senior Software Engineer | WSO2, Inc. | http://wso2.com/ > Lean . Enterprise . Middleware > > about.me/chrishantha > -- Thanks and Regards, Isuru H. +94 716 358 048* <http://wso2.com/>*
