pmalmsten / cosmosdb-extensions-sessiontokens-aspnet
Cosmos DB extensions for managing session tokens with ASP.NET
License: MIT License
Cosmos DB only changes session token values on writes. Furthermore, the current version of this code saves the session token for any response from Cosmos DB, whether it is a read or a write. Given that, there is a possible data race where a concurrent read that finishes after a concurrent write could overwrite the current session token for the current request context with an old session token value.
Example scenario:
awaits both requests.
Preferred behavior:
When the async read request completes (step 6), it should not overwrite the session token value saved from the write in step 5.
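The race described in this issue, reproduced in a small console program as an added example (not code from this repository). `RequestSessionToken`, `Demo` and the token strings are hypothetical; the guard shown relies only on the statement above that Cosmos DB changes session tokens on writes, so a read response is not allowed to replace a token that a write has already saved.

```csharp
using System;
using System.Threading.Tasks;
// Hypothetical per-request holder; not a type from this repository or the Cosmos DB SDK.
sealed class RequestSessionToken
{
    private readonly object _gate = new();
    private bool _setByWrite;
    public string Value { get; private set; } = "";
    // Policy described in the issue: every response overwrites the saved token.
    public void SaveAlways(string token) { lock (_gate) Value = token; }
    // Guarded policy: once a write has stored its token, a read may not replace it.
    public void Save(string token, bool isWrite)
    {
        lock (_gate)
        {
            if (!isWrite && _setByWrite) return;
            Value = token;
            _setByWrite |= isWrite;
        }
    }
}

static class Demo
{
    // Stand-in for a Cosmos DB call: finishes when its gate is released, then saves its token.
    static async Task Call(Task gate, string token, Action<string> save) { await gate; save(token); }

    static async Task<string> Run(bool guarded)
    {
        var slot = new RequestSessionToken();
        void Save(string t, bool isWrite) { if (guarded) slot.Save(t, isWrite); else slot.SaveAlways(t); }
        var readGate = new TaskCompletionSource();
        var writeGate = new TaskCompletionSource();
        // Constructed placeholder tokens, not real Cosmos DB session token values.
        Task read = Call(readGate.Task, "token-before-write", t => Save(t, false));
        Task write = Call(writeGate.Task, "token-after-write", t => Save(t, true));
        writeGate.SetResult();
        await write;            // the write completes first and stores its token
        readGate.SetResult();   // the read that was started earlier completes last
        await Task.WhenAll(read, write);
        return slot.Value;
    }

    static async Task Main()
    {
        Console.WriteLine($"save every response: {await Run(false)}");
        Console.WriteLine($"writes take priority: {await Run(true)}");
    }
}
```

This guard does not order two concurrent writes against each other; whichever write response is saved last still wins.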
Cosmos DB session tokens may expire. If a client calls the app and receives a session token (e.g. in a cookie), and then waits an extended period before calling the app/API again, the session token may have expired.
The Cosmos DB SDK throws an exception when a session token is invalid - it most likely does the same when a session token has expired. When that occurs, the container interceptor should not cause application code to fail.
Instead, the container interceptor should most likely retry the request once without setting a session token on the request, so that Cosmos DB can issue a new session token which we can include as the new value for the cookie on the response.
To minimize the total size of generated HTTP headers, the combination of account URI, database name, and container name is hashed, and the resulting hash is truncated to a shorter integer (currently between 0 and 1,000,000).
The probability of collisions is relatively low, but the possibility of it happening may be non-trivial when large numbers of containers are involved (e.g. 50 containers).
We should do the right thing if/when that happens. To start brainstorming, this might include some combination of:
According to the Cosmos DB REST API documentation, session tokens are scoped per collection: https://learn.microsoft.com/en-us/rest/api/cosmos-db/common-cosmosdb-rest-response-headers
At present, session token cookies set by this middleware only include database name - they do not include account name, or collection name.
We need to ensure that session token cookies 1) are separate for databases in different Cosmos DB accounts, and 2) are separate for different collections (aka. containers) in a single account.