diff --git a/azkaban-common/src/main/java/azkaban/server/session/SessionCache.java b/azkaban-common/src/main/java/azkaban/server/session/SessionCache.java
index 8c29a0d..a2147b3 100644
--- a/azkaban-common/src/main/java/azkaban/server/session/SessionCache.java
+++ b/azkaban-common/src/main/java/azkaban/server/session/SessionCache.java
@@ -28,12 +28,12 @@ import java.util.concurrent.TimeUnit;
* The following global azkaban properties can be used: max.num.sessions - used
* to determine the number of live sessions that azkaban will handle. Default is
* 10000 session.time.to.live -Number of seconds before session expires. Default
- * set to 1 days.
+ * set to 10 hours.
*/
public class SessionCache {
private static final int MAX_NUM_SESSIONS = 10000;
- private static final long SESSION_TIME_TO_LIVE = 24 * 60 * 60 * 1000L;
+ private static final long SESSION_TIME_TO_LIVE = 10 * 60 * 60 * 1000L;
// private CacheManager manager = CacheManager.create();
private final Cache<String, Session> cache;
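Review bot: The Javadoc above describes `session.time.to.live` as a number of seconds, while `SESSION_TIME_TO_LIVE` is written as `10 * 60 * 60 * 1000L`, which reads as milliseconds. The unit the cache actually applies is not visible in this hunk, so a comment on the constant should settle it, e.g. `// default session lifetime in milliseconds (10 hours)`. The rest of this commit stops tying a session to the client IP, so this lifetime becomes the main bound on how long a copied session id stays usable, and the comment should say so. Whether the lifetime runs from creation or from last access cannot be told from these lines and should be documented alongside.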
diff --git a/azkaban-web-server/src/main/java/azkaban/webapp/servlet/LoginAbstractAzkabanServlet.java b/azkaban-web-server/src/main/java/azkaban/webapp/servlet/LoginAbstractAzkabanServlet.java
index 6aa3723..4fc1fe2 100644
--- a/azkaban-web-server/src/main/java/azkaban/webapp/servlet/LoginAbstractAzkabanServlet.java
+++ b/azkaban-web-server/src/main/java/azkaban/webapp/servlet/LoginAbstractAzkabanServlet.java
@@ -228,7 +228,6 @@ public abstract class LoginAbstractAzkabanServlet extends
private Session getSessionFromRequest(final HttpServletRequest req)
throws ServletException {
- final String remoteIp = getRealClientIpAddr(req);
final Cookie cookie = getCookieByName(req, SESSION_ID_NAME);
String sessionId = null;
@@ -239,21 +238,15 @@ public abstract class LoginAbstractAzkabanServlet extends
if (sessionId == null && hasParam(req, "session.id")) {
sessionId = getParam(req, "session.id");
}
- return getSessionFromSessionId(sessionId, remoteIp);
+ return getSessionFromSessionId(sessionId);
}
- private Session getSessionFromSessionId(final String sessionId, final String remoteIp) {
+ private Session getSessionFromSessionId(final String sessionId) {
if (sessionId == null) {
return null;
}
- final Session session = getApplication().getSessionCache().getSession(sessionId);
- // Check if the IP's are equal. If not, we invalidate the sesson.
- if (session == null || !remoteIp.equals(session.getIp())) {
- return null;
- }
-
- return session;
+ return getApplication().getSessionCache().getSession(sessionId);
}
private void handleLogin(final HttpServletRequest req, final HttpServletResponse resp)
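Review bot: With the IP comparison removed from `getSessionFromSessionId`, a session id is honoured from any address, while `getSessionFromRequest` still falls back to the `session.id` request parameter when no cookie is present. If clients send that parameter in the query string, the id can be recorded wherever URLs are recorded. The removed lines show that `Session` still exposes `getIp()`, so the mismatch can be kept as an audit signal without rejecting the request, as sketched below. The sketch assumes this servlet has a `logger` field, which the hunk does not show. The same point applies to the multipart path in `handleLogin` and to the identical helper in `UserManagerResource`; `getSessionFromRequest` begins in the previous hunk.

```java
// … unchanged: cookie / session.id parameter lookup in getSessionFromRequest …
    return getSessionFromSessionId(sessionId, getRealClientIpAddr(req));
  }

  private Session getSessionFromSessionId(final String sessionId, final String remoteIp) {
    if (sessionId == null) {
      return null;
    }
    final Session session = getApplication().getSessionCache().getSession(sessionId);
    // A changed client address no longer invalidates the session, but it is recorded so
    // that use of one session id from several hosts can be noticed. The id itself is
    // never written to the log.
    // NOTE(review): if remoteIp can come from a forwarded header, strip CR/LF before logging.
    if (session != null && !remoteIp.equals(session.getIp())) {
      logger.warn("Session created from " + session.getIp() + " is now used from " + remoteIp);
    }
    return session;
  }
```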
@@ -290,9 +283,8 @@ public abstract class LoginAbstractAzkabanServlet extends
// See if the session id is properly set.
if (params.containsKey("session.id")) {
final String sessionId = (String) params.get("session.id");
- final String ip = getRealClientIpAddr(req);
- session = getSessionFromSessionId(sessionId, ip);
+ session = getSessionFromSessionId(sessionId);
if (session != null) {
handleMultiformPost(req, resp, params, session);
return;
diff --git a/azkaban-web-server/src/restli/java/azkaban/restli/ProjectManagerResource.java b/azkaban-web-server/src/restli/java/azkaban/restli/ProjectManagerResource.java
index 2d6fa62..1db7c34 100644
--- a/azkaban-web-server/src/restli/java/azkaban/restli/ProjectManagerResource.java
+++ b/azkaban-web-server/src/restli/java/azkaban/restli/ProjectManagerResource.java
@@ -59,7 +59,7 @@ public class ProjectManagerResource extends ResourceContextHolder {
logger.info("Deploy called. {projectName: " + projectName + ", packageUrl:" + packageUrl + "}");
final String ip = ResourceUtils.getRealClientIpAddr(this.getContext());
- final User user = ResourceUtils.getUserFromSessionId(sessionId, ip);
+ final User user = ResourceUtils.getUserFromSessionId(sessionId);
final ProjectManager projectManager = getAzkaban().getProjectManager();
final Project project = projectManager.getProject(projectName);
if (project == null) {
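Review bot: The local `ip` on the line above the changed call is still computed but is no longer passed to `getUserFromSessionId`. Unless it is read further down in the method, which continues outside this hunk, it is now dead and should be removed or put to use. Since this action deploys a package from a caller-supplied URL, one reasonable use is to move the `ip` line above the existing `logger.info` call and append it to that message, e.g. `+ ", ip: " + ip + "}"`, so the deploy record still carries the client address.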
diff --git a/azkaban-web-server/src/restli/java/azkaban/restli/ResourceUtils.java b/azkaban-web-server/src/restli/java/azkaban/restli/ResourceUtils.java
index e55e555..a45d025 100644
--- a/azkaban-web-server/src/restli/java/azkaban/restli/ResourceUtils.java
+++ b/azkaban-web-server/src/restli/java/azkaban/restli/ResourceUtils.java
@@ -47,14 +47,12 @@ public class ResourceUtils {
return false;
}
- public static User getUserFromSessionId(final String sessionId, final String ip)
+ public static User getUserFromSessionId(final String sessionId)
throws UserManagerException {
final Session session =
AzkabanWebServer.getInstance().getSessionCache().getSession(sessionId);
if (session == null) {
throw new UserManagerException("Invalid session. Login required");
- } else if (!session.getIp().equals(ip)) {
- throw new UserManagerException("Invalid session. Session expired.");
}
return session.getUser();
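Review bot: `getUserFromSessionId` passes `sessionId` straight to `getSession` without the null guard that the private `getSessionFromSessionId` helpers in `LoginAbstractAzkabanServlet` and `UserManagerResource` both have. How the cache treats a null key is not visible here. Adding `if (sessionId == null) { throw new UserManagerException("Invalid session. Login required"); }` before the lookup would keep the three lookups consistent and make a missing id fail the same way as an unknown one. The method is public and its signature changed, so a short Javadoc stating that possession of the session id is now the only thing checked would help callers. The method's closing brace lies outside the hunk.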
diff --git a/azkaban-web-server/src/restli/java/azkaban/restli/UserManagerResource.java b/azkaban-web-server/src/restli/java/azkaban/restli/UserManagerResource.java
index 0bbed0f..1b9b783 100644
--- a/azkaban-web-server/src/restli/java/azkaban/restli/UserManagerResource.java
+++ b/azkaban-web-server/src/restli/java/azkaban/restli/UserManagerResource.java
@@ -55,8 +55,7 @@ public class UserManagerResource extends ResourceContextHolder {
@Action(name = "getUserFromSessionId")
public User getUserFromSessionId(@ActionParam("sessionId") final String sessionId) {
- final String ip = ResourceUtils.getRealClientIpAddr(this.getContext());
- final Session session = getSessionFromSessionId(sessionId, ip);
+ final Session session = getSessionFromSessionId(sessionId);
final azkaban.user.User azUser = session.getUser();
// Fill out the restli object with properties from the Azkaban user
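Review bot: `getSessionFromSessionId(sessionId)` returns null for a null id, and the null check in `ResourceUtils` implies the cache lookup can also return null. The next line still calls `session.getUser()` unguarded, so an invalid id would surface as a NullPointerException rather than an authentication error. A check of the form `if (session == null) { ... }`, reporting an invalid session in whatever way this resource normally signals errors, should precede `session.getUser()`. This matters more now that the lookup no longer depends on the caller's address, because the action answers for any id it is handed. The method body continues outside the hunk.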
@@ -78,17 +77,11 @@ public class UserManagerResource extends ResourceContextHolder {
return session;
}
- private Session getSessionFromSessionId(final String sessionId, final String remoteIp) {
+ private Session getSessionFromSessionId(final String sessionId) {
if (sessionId == null) {
return null;
}
- final Session session = getAzkaban().getSessionCache().getSession(sessionId);
- // Check if the IP's are equal. If not, we invalidate the sesson.
- if (session == null || !remoteIp.equals(session.getIp())) {
- return null;
- }
-
- return session;
+ return getAzkaban().getSessionCache().getSession(sessionId);
}
}