-
Notifications
You must be signed in to change notification settings - Fork 740
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(gate-web): Add delete session tokens from redis endpoint #1827
feat(gate-web): Add delete session tokens from redis endpoint #1827
Conversation
delete sessions cache code #publish-snapshot fix api tests #publish-snapshot fix sessino service spec test #publish-snapshot
We prefer that non-test backend code be written in Java or Kotlin, rather than Groovy. The following files have been added and written in Groovy:
See our server-side conventions here. |
The following commits need their title changed:
Please format your commit title into the form:
This allows us to easily generate changelogs & determine semantic version numbers when cutting releases. You can read more about commit conventions here. |
gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/SessionService.groovy
Outdated
Show resolved
Hide resolved
gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/SessionService.groovy
Outdated
Show resolved
Hide resolved
…essionService.groovy Co-authored-by: Matt Gogerly <6519811+mattgogerly@users.noreply.github.com>
@juangod-wise can you run |
Done! :) |
The changes you asked for are done.
When Spring Boot is upgraded and old tokens no longer work, users get 500's until they delete the cookies from their browser, which causes bad user experience.
A way around this is to delete the
spring:session*
keys from Redis, as explained here:https://spinnaker.io/changelogs/1.34.0-changelog/#spring-boot-2615
$ redis-cli keys "spring:session*" | xargs redis-cli del
In our case, we don't have CLI access to our Redis instance in Production. Because of this, we wrote a Gate endpoint that deletes the keys from Redis, so it can be triggered in Production with a curl call:
curl -H "Cookie: SESSION=...." -i -X POST https://spinnaker-host/api/v1/auth/deleteSessionCache
I'm sure many other users of Spinnaker have the same issue and could benefit from this.