login bug

[johncarlosbaez]

When I tried 'Sign in with Google' on spnetwork just now, I got this error message:

500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request.

Traceback (most recent call last):
File "/home/spnet/webapps/spnet/lib/python2.7/CherryPy-3.2.0-py2.7.egg/cherrypy/_cprequest.py", line 645, in respond
response.body = self.handler()
File "/home/spnet/webapps/spnet/lib/python2.7/CherryPy-3.2.0-py2.7.egg/cherrypy/lib/encoding.py", line 188, in call
self.body = self.oldhandler(_args, *_kwargs)
File "/home/spnet/webapps/spnet/lib/python2.7/CherryPy-3.2.0-py2.7.egg/cherrypy/_cpdispatch.py", line 29, in call
return self.callable(_self.args, *_self.kwargs)
File "/home/spnet/webapps/spnet/spnet/spnet/web.py", line 73, in oauth2callback
oauth = get_session()['gplus_oauth']
File "/home/spnet/webapps/spnet/lib/python2.7/CherryPy-3.2.0-py2.7.egg/cherrypy/init.py", line 226, in getitem
return child[key]
File "/home/spnet/webapps/spnet/lib/python2.7/CherryPy-3.2.0-py2.7.egg/cherrypy/lib/sessions.py", line 255, in getitem
return self._data[key]
KeyError: 'gplus_oauth'

I may already be logged in - I don't know. But still....

[cjlee112]

Was there a delay between the time you clicked the "Sign in with Google" button, and the appearance of this error message?

This message implies that your session expired in between the time you clicked Sign In and the time that Google called us back with the sign-in info. Sessions expire once per day, so it would seem pretty uncommon for that to happen right during the brief time the sign-in process is ongoing.

Unless we can find a circumstance in which this error occurs reproducibly, I suggest we just implement a rational error message like "Your session appears to have expired. Please sign-in again."

[cjlee112]

Clarification: "session" and "signed in" are two independent things. Any time anybody points their browser at selectedpapers.net, it registers a "session" for them (regardless of whether they are signed in); the session allows the site to recognize that subsequent requests are all from "the same person". Signing in simply attaches an authenticated Google+ identity to that session. Signing out forces the session to expire (i.e. a new session is created for that client). As a general rule, sessions automatically expire, otherwise once someone signed in on a given computer, they'd be signed in potentially forever on that computer (at least until they reboot). We made our session expiration time long (24 hours) because some people complained "when I came back to my selectedpapers.net page the next morning, it signed me out".

[kim-em]

24 hours actually doesn't seem that long. Even my gmail session is more persistent than that. Why is being "signed in potentially forever" a problem?

On Sep 19, 2013, at 2:07, cjlee112 notifications@github.com wrote:

Clarification: "session" and "signed in" are two independent things. Any time anybody points their browser at selectedpapers.net, it registers a "session" for them (regardless of whether they are signed in); the session allows the site to recognize that subsequent requests are all from "the same person". Signing in simply attaches an authenticated Google+ identity to that session. Signing out forces the session to expire (i.e. a new session is created for that client). As a general rule, sessions automatically expire, otherwise once someone signed in on a given computer, they'd be signed in potentially forever on that computer (at least until they reboot). We made our session expiration time long (24 hours) because some people complained "when I came back to my selectedpapers.net page the next morning, it signed me out".

—
Reply to this email directly or view it on GitHub.