Re: [Dev] Persisting user sessions in database
On Monday, March 16, 2015, Lasitha Wattaladeniya lasit...@wso2.com wrote: Hi Lakshani, Even if the SessionDataPersist/RememberMe is not enabled the logged in user details will be available in the cache (session data will be removed after a time out period). In general session data will be available in cache and also in the session persist database. Therefore you don't have to forcefully put everything to the db, you can access from both cache and db. +1 I think using this info we can show some metadata like 'active', 'persisted' for each user sessions. With this info user can revoke all persisted(remember me enabled) sessions if he want. And user can check what are the active sessions established. Btw this feature will be really cool if we can show the ip and the user-agent\browser which this session is established. AFAIK, we do not maintain this data currently, if so lets add it into roadmap as a improvement. Thanks, Darshana. On Mon, Mar 16, 2015 at 1:42 AM, Lakshani Gamage laksh...@wso2.com javascript:_e(%7B%7D,'cvml','laksh...@wso2.com'); wrote: Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org javascript:_e(%7B%7D,'cvml','Dev@wso2.org'); http://wso2.org/cgi-bin/mailman/listinfo/dev -- Lasitha Wattaladeniya Software Engineer WSO2, Inc. | http://wso2.com lean. enterprise. middleware Mobile : +94719397528 Blog : techreadme.blogspot.com -- Regards, *Darshana Gunawardana*Software Engineer WSO2 Inc.; http://wso2.com *E-mail: darsh...@wso2.com darsh...@wso2.com* *Mobile: +94718566859*Lean . Enterprise . Middleware ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Persisting user sessions in database
Hi Lakshani, If *session data persistence* is not enabled, logged in user information should be retrieved from Cache (Information only resides in cache). Therefore you can get logged in user information directly from the cache. If the *session data persistence *is enabled, then you can refer to DB since all the session data is written into DB. Furthermore, If session data persistence is enabled, there can be session data information which are not in cache but still resides in DB (due to cache clearance or invalidation). Therefore in this case the best option is to read session data from DB rather than from the cache. IMO, when the session data persistence is enabled,the better option is to read data from DB. Because if you are reading from cache, you may need to retrieve missing session information from DB (which are not in cache), which is an additional cost since there is no direct attribute to find out whether the particular session information resides only in DB or not. On Mon, Mar 16, 2015 at 1:49 AM, Lakshani Gamage laksh...@wso2.com wrote: Thanks both of you. I will try those options. Thank you. On Mon, Mar 16, 2015 at 11:03 AM, Lasitha Wattaladeniya lasit...@wso2.com wrote: Hi Lakshani, Even if the SessionDataPersist/RememberMe is not enabled the logged in user details will be available in the cache (session data will be removed after a time out period). In general session data will be available in cache and also in the session persist database. Therefore you don't have to forcefully put everything to the db, you can access from both cache and db. On Mon, Mar 16, 2015 at 1:42 AM, Lakshani Gamage laksh...@wso2.com wrote: Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Lasitha Wattaladeniya Software Engineer WSO2, Inc. | http://wso2.com lean. enterprise. middleware Mobile : +94719397528 Blog : techreadme.blogspot.com -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Hasintha Indrajee Software Engineer WSO2, Inc. Mobile:+94 771892453 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Persisting user sessions in database
Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Persisting user sessions in database
Hi Lakshani, IMO we shouldn't make the session data persistence enabled by default. We should support enabling and disabling. Here when we enable this feature, it writes all the login session details to the database and also reads from database when necessary. Session data clean up task runs periodically and it deletes expired sessions. So if this feature is enabled, it increases DB write/read operations which can cause a reduction of performance. Considering this I think it's better if it's needed to monitor the login activities, they have to enable session data persistence. Regards, Tharindu On Mon, Mar 16, 2015 at 1:42 AM, Lakshani Gamage laksh...@wso2.com wrote: Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Tharindu Edirisinghe Software Engineer | WSO2 Inc Identity Server Team mobile : +94 775 181586 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Persisting user sessions in database
Hi Lakshani, Even if the SessionDataPersist/RememberMe is not enabled the logged in user details will be available in the cache (session data will be removed after a time out period). In general session data will be available in cache and also in the session persist database. Therefore you don't have to forcefully put everything to the db, you can access from both cache and db. On Mon, Mar 16, 2015 at 1:42 AM, Lakshani Gamage laksh...@wso2.com wrote: Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Lasitha Wattaladeniya Software Engineer WSO2, Inc. | http://wso2.com lean. enterprise. middleware Mobile : +94719397528 Blog : techreadme.blogspot.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Persisting user sessions in database
Thanks both of you. I will try those options. Thank you. On Mon, Mar 16, 2015 at 11:03 AM, Lasitha Wattaladeniya lasit...@wso2.com wrote: Hi Lakshani, Even if the SessionDataPersist/RememberMe is not enabled the logged in user details will be available in the cache (session data will be removed after a time out period). In general session data will be available in cache and also in the session persist database. Therefore you don't have to forcefully put everything to the db, you can access from both cache and db. On Mon, Mar 16, 2015 at 1:42 AM, Lakshani Gamage laksh...@wso2.com wrote: Hi all, I'm working on my fast track project [1]. I have to monitor logged in users via IS admin console. In the current implementation, logged in user details are saved in database if DBCPersistenceManager.SessionDataPersist.Enable = true. For that we have to enable below config in identity.xml. JDBCPersistenceManager SessionDataPersist Enabletrue/Enable RememberMePeriod60/RememberMePeriod CleanUp Enablefalse/Enable Period1/Period TimeOut60/TimeOut /CleanUp Temporaryfalse/Temporary /SessionDataPersist /JDBCPersistenceManager When above config is not enabled, when a user logs in, that user information is not saved in database. As I have to monitor all the logged in user details, I removed the DBCPersistenceManager.SessionDataPersist.Enable condition checking part from implementation of authentication-framework component. Is this ok? [1]. https://redmine.wso2.com/issues/3188 Thank you. -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Lasitha Wattaladeniya Software Engineer WSO2, Inc. | http://wso2.com lean. enterprise. middleware Mobile : +94719397528 Blog : techreadme.blogspot.com -- Lakshani Gamage *Software Engineer* Mobile : +94 (0) 71 5478184 %2B94%20%280%29%20773%20451194 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev