I have a custom JSVM middleware plugin w/ “Auth Token” security, that is generating a custom session and setting its expires to now+60s. The “hashedSessionKey” below is what is set as the custom “Auth Token” header for the API.
// build session object
var newSessionString = "{\"expires\": "+expires_at+", "+ // THIS IS NOW + 60s
"\"quota_max\": 1000, "+
"\"quota_remaining\":1000, "+
"\"quota_renewal_rate\":"+session_expires_seconds+", "+
"\"alias\":\""+hashedSessionKey+"\", "+
"\"access_rights\": "+
"{ \""+config.config_data.api_id+"\" : "+
"{"+
"\"api_name\": \""+config.config_data.api_name+"\","+
"\"api_id\": \""+config.config_data.api_id+"\","+
"\"versions\": [\"Default\"],"+
"\"allowed_urls\": null"+
"}"+
"}"+
"}";
After this it does the following:
TykSetKeyData(hashedSessionKey, JSON.stringify(newSession));
This works fine, and in a test, I have a client making continual requests to this API every second.
What I’ve noticed however is when the last request is made that coincides w/ the session expires, my plugin ensures a new session is created and TykSetKeyData is set successfully.
The problem is that the middleware returns/exits, and then Tyk rejects the request with
Key has expired, please renew
And this is in the logs
2017-08-03T16:12:51.556954853Z time="Aug 3 16:12:51" level=info msg="curr_epoch=1501776771 new session expires_at:1501776831" type=log-msg
2017-08-03T16:12:51.557408370Z time="Aug 3 16:12:51" level=info msg="new session object = {\"access_rights\":{\"3b30b68340b8492858ea00be8c9b248e\":{\"allowed_urls\":null,\"api_id\":\"3b30b68340b8492858ea00be8c9b248e\",\"api_name\":\"/xx/my/auth/1.0\",\"versions\":[\"Default\"]}},\"alias\":\"5976507eb46f2e00016bb4a13a4e7ca913238ee243102a32d27e56bc\",\"expires\":1501776831,\"quota_max\":1000,\"quota_remaining\":1000,\"quota_renewal_rate\":60}" type=log-msg
2017-08-03T16:12:51.557571137Z time="Aug 3 16:12:51" level=info msg="Reset quota for key." inbound-key="****56bc" key=quota-3e769148
2017-08-03T16:12:51.558528163Z time="Aug 3 16:12:51" level=info msg="Key added or updated." api_id=-- expires=1501776831 key="****56bc" org_id= path=-- server_name=system user_id=system user_ip=--
2017-08-03T16:12:51.559237225Z time="Aug 3 16:12:51" level=info msg="Attempted access from expired key." key=5976507eb46f2e00016bb4a13a4e7ca913238ee243102a32d27e56bc origin=172.18.0.1 path="/xx/my/auth/1.0"
2017-08-03T16:12:51.559272986Z time="Aug 3 16:12:51" level=error msg="request error: Key has expired, please renew" api_id=3b30b68340b8492858ea00be8c9b248e org_id=5976507eb46f2e00016bb4a1 path="/" server_name="http://10.23.16.53:9080/service/myauth" user_id="****56bc" user_ip=172.18.0.1
The next request by the client succeeds.
So the session bound to that key has its expires incremented and set properly via TykSetKeyData, but the current request fails. What should I do to correct this? It's like the session that I set via TykSetKeyData is not being used after the middleware returns, but the “old” session is w/ the old expires_at value?