Update Sync Gateway Session Timeout - through DB document


#1

On my application I need to extend the user session, but Sync Gateway REST Api don’t have a put method to extend the expiration time.
And I’m creating a function to update the expiration meta data of the session document direct on the database.
Something like this

var couchbaseObj = require(‘couchbase’)
var clusterObj = new couchbaseObj.Cluster(‘couchbase://127.0.0.1’)
// For Couchbase > 4.5 with RBAC Auth
clusterObj.authenticate(‘user’, ‘password’)
var bucketObj = clusterObj.openBucket(‘data’)

bucketObj.getAndTouch(sessionKey, 10000, function (err, result) {
if (err) {
return(err)
}
return(null)
})

My question is, what is the risk of doing this? Is there a better way to update the session expiration time on Sync Gateway? Why Sync Gateway don’t have a put method to update session?


#2

A blog post by Priya should answer this question:

https://blog.couchbase.com/database-sizes-and-conflict-resolution/

Look under Document Expiration -> On Sync Gateway section.


#3

Thank you for your response.
Can you explain why sync gateway only have POST , GET and DELETE methods for /{db}/_session
Why there is not a PUT method? And what is the risk of update it, the sync gateway session object (id = _sync:session:XXXX) direct on the data base?


#4

An authentication session object simply indicates that a user has been authenticated and can use the session object as an authentication token. The token is limited by the TTL/expirationDate. The TTL gets extended automatically, it is explained in our documentation:

https://docs.couchbase.com/sync-gateway/2.1/admin-rest-api.html#/session/post__db___session

That’s the reason why we have POST (to create), GET (to retrieve), and DELETE (to delete before expiration).

It is against the best practices to edit “_sync” documents directly, since your changes may have unexpected consequences, and the structure of such documents can change in new versions of Sync Gateway.