You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The only way I can see for an existing session to be returned is if an existing session_id gets extracted from either: the HTTP args, the request headers, or the token in the websocket subprotocol header.
Do we need three separate mechanisms for this? Can we drop HTTP arg processing for session ids and insist that it only be sent in an actual request header or token? I would have been worried about server_session but as a matter of fact it was already updated to use the request headers at some point: https://github.com/bokeh/bokeh/blob/branch-3.5/src/bokeh/embed/server.py#L233 Is there some other usage in Bokeh, or for users, that demands an HTTP args approach?
For that matter, is there any way we could we drop all HTTP args? IIRC the processing and handling of these is quite gorpy and complicated.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Prompted by looking up some old code for this discussion: https://discourse.bokeh.org/t/sessions-reused-when-behind-iis-proxy/11501
Specifically:
Do we need three separate mechanisms for this? Can we drop HTTP arg processing for session ids and insist that it only be sent in an actual request header or token? I would have been worried about
server_session
but as a matter of fact it was already updated to use the request headers at some point: https://github.com/bokeh/bokeh/blob/branch-3.5/src/bokeh/embed/server.py#L233 Is there some other usage in Bokeh, or for users, that demands an HTTP args approach?For that matter, is there any way we could we drop all HTTP args? IIRC the processing and handling of these is quite gorpy and complicated.
cc @bokeh/dev
Beta Was this translation helpful? Give feedback.
All reactions