Partial flush of request

[luis.va...@metamaxzone.com]

Hello!

Im creating a website with a microservices architecture, and for authentication i'm using JWT token stored in the cookies, this tokens are automatically renewed each 5 minutes, the basic flow of this is:

1 My front end makes a request to a microservice
2 The microservice check if the token its expired
3 If its expired check if its the same stored in our database
4 If its the same generate a new token, and send it to the front end
4.1 If its not the same answer a Non-authorized response to the front end
5 My web2py front end will change the token cookie for the new one.

My problem happens if (by any problem) i get a ticket on web2py, when this happens the new cookie are not sended in the response, the user still storing the old token, and the next time it makes a petition the step 3 isnt found and close the user session

So, bottom line: What i want to do is "flush" (Php like: http://php.net/manual/es/function.flush.php) the cookie to the browser and after that still managing the response (because i want to format the response, send to a view...)

Its important to say that the functionality of token renewal and request is stored in a module

Thanks a lot!

[Anthony]

On Saturday, October 1, 2016 at 9:52:18 AM UTC-4, luis.va...@metamaxzone.com wrote:

Hello!

Im creating a website with a microservices architecture, and for authentication i'm using JWT token stored in the cookies, this tokens are automatically renewed each 5 minutes, the basic flow of this is:

1 My front end makes a request to a microservice
2 The microservice check if the token its expired
3 If its expired check if its the same stored in our database
4 If its the same generate a new token, and send it to the front end
4.1 If its not the same answer a Non-authorized response to the front end
5 My web2py front end will change the token cookie for the new one.

My problem happens if (by any problem) i get a ticket on web2py, when this happens the new cookie are not sended in the response, the user still storing the old token, and the next time it makes a petition the step 3 isnt found and close the user session

Are you saying the record is not in the database on the next attempt? If not, why not? What happens to the record during the initial request?

Anthony

[Luis Valladares]

They expire, when I generate a new token I store it in the database and send to the user browser, each time the token is expired I generate a new one, overwrite the token in the database (and because this the other token is lost) and sent to the user.

But that's not really my problem (maybe I don't explain it well in the last post) what I want to do is send a partial response to the user browser and then keep processing. specifically I want to set a cookie in the browser and then I will continue data processing.

Thanks for your help Anthony!

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/Dx52cLv-8-Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Anthony]

On Saturday, October 1, 2016 at 4:19:59 PM UTC-4, Luis Valladares wrote:

They expire, when I generate a new token I store it in the database and send to the user browser, each time the token is expired I generate a new one, overwrite the token in the database (and because this the other token is lost) and sent to the user.

I'm not sure I understand. Every HTTP request is wrapped in a database transaction, so if an error occurs during a request, any database operations that had been made prior to the error will be rolled back before returning the error response. So, how is it that your token overwriting is not being rolled back upon error?

It may help if you show some code so we can see what is going on.

Anthony

[Luis Valladares]

Because my application has a microservice architecture, this means there is another app storing the token in the database and the only thing my web2py front end does is make a http request to that microservice and format the received data, but if during that formatting some exception is raised I lost all the content (in this case the token) that I want to send in request.cookies, this mean the user still have the old token when the microservice already have changed that token in their database.

El sáb., oct. 1, 2016 9:40 PM, Anthony <abas...@gmail.com> escribió:

On Saturday, October 1, 2016 at 4:19:59 PM UTC-4, Luis Valladares wrote:

They expire, when I generate a new token I store it in the database and send to the user browser, each time the token is expired I generate a new one, overwrite the token in the database (and because this the other token is lost) and sent to the user.

I'm not sure I understand. Every HTTP request is wrapped in a database transaction, so if an error occurs during a request, any database operations that had been made prior to the error will be rolled back before returning the error response. So, how is it that your token overwriting is not being rolled back upon error?

Anthony

[Anthony]

On Sunday, October 2, 2016 at 7:52:04 AM UTC-4, Luis Valladares wrote:

Because my application has a microservice architecture, this means there is another app storing the token in the database and the only thing my web2py front end does is make a http request to that microservice and format the received data, but if during that formatting some exception is raised I lost all the content (in this case the token) that I want to send in request.cookies, this mean the user still have the old token when the microservice already have changed that token in their database.

You could either wrap your web2py code in a try/except to ensure you catch any errors directly, or use routes_onerror in routes.py to route any errors to a separate error handling app/controller (in the latter case, you'll need to make sure the relevant token data have been saved somewhere the error handler can access).

Anthony

[luis.va...@metamaxzone.com]

The second sounds good to me, but i dont know really where to store it, my front end is REST and has no database connected to it, all the info i get its from microservices, so i need some sort of variable or environment space where to store the token when i receive it and retrieve it in the case of an error, there is anything like that in web2py?

[Anthony]

On Sunday, October 2, 2016 at 11:26:11 PM UTC-4, luis.va...@metamaxzone.com wrote:

The second sounds good to me, but i dont know really where to store it, my front end is REST and has no database connected to it, all the info i get its from microservices, so i need some sort of variable or environment space where to store the token when i receive it and retrieve it in the case of an error, there is anything like that in web2py?

Well, the error handler receives request.env.request_uri via the requested_uri query string parameter, so you might be able to do something like:

    request.env.request_uri += '&token=%s' % token

Then in the error handler, you would have to parse request.vars.request_uri to extract the token.

Alternatively, this might work:

    request.wsgi.environ['token'] = token

Note, I haven't tried either of the above, so not sure if they will work.

Anthony

[luis.va...@metamaxzone.com]

That sounds really promising, thanks a lot! i will test it ASAP and if i have any troubles i will comeback here.