https://kotlinlang.org logo
Join Slack
Powered by
Hello ! Just a question not a problem :slightly_sm...
# ktor
v
Hello ! Just a question not a problem 🙂 I use session feature with header. When I inspect my request, I have my header who is send but for each request ktor send another header different than mine, why please ?
âś… 1
d
who is the client? a browser? or a ktor http client?
v
The client is a react app. For example, when I do a request to take all the users, I send my header and ktor respond with another ktor while I put any code doing that…
For example i send this header 004313337815f3792666ed0ee3045238/590157af1a087e8743faf99ec138935ff01993c4c83d4f9ca62fefb22e02feff03c4533c5f23a661970f838cd36773648558dd56f1280c47b611aabc19fbedab32a2587510197ee8504a5bf536a27763552637597d2d2700d0563f27a210a462:626ffb8d962c9d3ca8c2a30d7bddc6f018892223717885f099061cbe8beee711
and ktor respond with this : aaa770ad07ace931c01e02663a3f91dd/f864c77dee8413b006747a7011935edebd730712caab3372bab8ed8b90603d6a776eb81bb23c95f12f1d8979608adb013f1c6e9381f6b6bf5aeab90fbdd4ffc930bb03011c0913895382d1b5d766a0028a24329f3a12a8900b71c63d4f15712e:626ffb8d962c9d3ca8c2a30d7bddc6f018892223717885f099061cbe8beee711
just the end is similar
d
oh I see
yeah, that’s normal I guess
that’s because you are using client-side sessions
if the session content has changed
the returned header is different
v
Yes I use client side
d
if you want it to be constant
v
But why ktor returns an header for each request ?
d
you should use server-side sessions
v
I just want to have an header when I authenticate but not after
d
well that’s what the session feature is for
a session is used to keep information across requests
so it always return the new session
it’s the expected behaviour
v
But the informations are the same, I just put email and a TTL inside so why the header change please ?
So the TTL is updated for each request ?
d
how are you configuring the session feature?
v
this.sessions.set(AnniaSession(responseJson.id, responseJson.email, formatDate.format(Date())))
install(Sessions) { header<AnniaSession>(“ANNIA_SESSION”) { transform(SessionTransportTransformerEncrypt(secretEncryptKey, secretAuthKey)) //Use AES and HmacSHA256 } }
the responseJson come from google auth
d
well you are doing
formatDate.format(Date()))
the Date changes everytime
and since you are using AES, the whole payload would change for a single changed bit
v
Ok so I need to put the TTL in a variable and after set the session ?
d
no matter where you do it, if you set the sesssions.set with different values, it will change everytime
if you don’t want the header to change and need to mutate stuff, you should use server-side sessions
v
Ys but I call session set just when The user authenticate and not after so why ktor call .set for each request ?
No it’s not a problem I just try to understand why 🙂
d
are you sure you are not changing it?
for testing purposes I suggest you
to remove the sessiontransformer
remove the AES
and you will be able to see the content
and discover why it is changing
v
I will try thanks
đź‘Ť 1
I just try, it’s exactly the same informations…
d
so without AES
it doesn’t change?
v
Yes, I have exactly the same text but with AES I don’t have the same..
d
everytime it is generated
it uses a different secure seed
I’m recalling now. It is done so the client doesn’t know if the session has changed or not
if you don’t want this to happen
you can set your own ivGenerator
and return something constant
not sure if a good idea
v
No it’s good to change, I just would know why 🙂 Thank you very much for the explications, have a good day !
d
okay 🙂 glad to be able to help you! have a nice day you too!
Open in Slack
PreviousNext
Powered by