On Fri, 2017-01-27 at 16:20 -0500, Ken Goldman wrote: > On 1/19/2017 7:41 AM, Jarkko Sakkinen wrote: > > > > I actually think that the very best solution would be such that > > sessions would be *always* lease based. So when you create a > > session you would always loose within a time limit. > > > > There would not be any special victim selection mechanism. You > > would just loose your session within a time limit. > > I worry about the time limit. > > I have a proposed use case (policy signed) where the user sends the > session nonce along with a "payment" to a vendor and receives back a > signature authorization over the nonce. > > The time could be minutes or even hours.
So the problem is that sessions are a limited resource and we need a way to allocate them when under resource pressure. Leasing is the fairest way I can think of but I'm open to other mechanisms if you propose them. Note that the lease mechanism doesn't mean every session expires after the limit, it just means that every session becomes eligible for reclaim after the limit. If there's no-one else waiting, you can keep your session for hours. James
