#4291 closed Defect (fixed)
REST API auth_token shouldn't be unique for (user_guid, site_id)
| Reported by: | srokap | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Elgg 1.8.4 |
| Component: | Core | Version: | 1.8.1b1 |
| Severity: | major | Keywords: | |
| Cc: | brett@… | Difficulty: |
Description
We are developing system that uses REST API in distributed environment, and we found out that Elgg requires to have at most one auth_token for pair (user_guid, site_id). We want to allow situations when two separate tokens for the same user are issued from different clients and don't overwrite each other. The change in DB schema is necessary:
ALTER TABLE `{$CONFIG->dbprefix}users_apisessions` DROP INDEX `user_guid` ,
ADD INDEX `user_guid` ( `user_guid` , `site_guid` )
All related functions seem to be completely fine to support such change and even the name get_user_tokens or javadoc suggest that we should allow multiple tokens (That's why i post this tickat as defect).
Change History (5)
comment:1 Changed 16 months ago by cash
- Milestone changed from Needs Review to Elgg 1.8.4
comment:2 Changed 16 months ago by srokap
comment:3 Changed 16 months ago by cash
Thanks for the info
comment:4 Changed 13 months ago by Brett Profitt
- Resolution set to fixed
- Status changed from new to closed
Fixes #4291. Removing the unique index on user and site guids in the users_apisessions table.
Changeset: 8b1036819422049d81bca3384259ac2f74e7a27a
comment:5 Changed 12 months ago by Brett Profitt
Fixes #4291. Removing the unique index on user and site guids in the users_apisessions table.
Changeset: 8b1036819422049d81bca3384259ac2f74e7a27a
I think it's worth noting, that we had no problems at all after introducing this change to our production installation.