Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User sessions are in Redis #52

Open
slashnick opened this issue Aug 29, 2017 · 1 comment
Open

User sessions are in Redis #52

slashnick opened this issue Aug 29, 2017 · 1 comment
Assignees
@slashnick

Comments

@slashnick
Copy link
Contributor

We use Redis to get the user for a request. Pretty sure I'm to blame for this code:

https://github.com/WhiteHatCP/wrath-ctf-framework/blob/49724ba89fe9f0f6736c80752c3ddc7b281740cf/ctf/frontend.py#L22-L32

https://github.com/WhiteHatCP/wrath-ctf-framework/blob/49724ba89fe9f0f6736c80752c3ddc7b281740cf/ctf/core.py#L92-L96

We have a signed cookie that contains a key, and look up that key in Redis to get the user id, then look up that user from the db. Why not just... store the user id in the signed cookie?

The one benefit to storing stuff in Redis is that we can revoke specific user sessions at any time. But for this application, that doesn't seem like a useful thing to be able to do.
@slashnick slashnick self-assigned this Aug 29, 2017
@slashnick slashnick mentioned this issue Oct 31, 2017
Closed
@maxzinkus
Copy link
Contributor

Nice, yeah agree that revocation isn't needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@slashnick slashnick

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Get rid of redis in user sessions
2 participants
@slashnick @maxzinkus