How to use HTTP_X_SHARED_SESSION_KEY?


(Nilesh Trivedi) #1

lib/auth/default_current_user_provider looks for this request header while looking for current_user. If present, the user_id is looked up in Redis for this header’s value.

What are the use cases that make use of this ability? Google did not turn up anything.

Also, after loading a user from this header, it seems that the rest of the checks and actions (checking whether the user is suspended or inactive, updating the user’s last_seen timestamp and ip_address) are bypassed. Why is this desirable?


(Sam Saffron) #2

See:

https://github.com/discourse/discourse/commit/aa9b3bb35accce498438e22344a3c352a9bc6592#diff-a7435baf2a94e11afecd20b6f11162be

This feature was added to allow long polling to work cross-domain. I don’t recommend playing with this stuff unless you really know what you are doing.
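
An added example, not part of the thread and not Discourse's code: a minimal Ruby sketch of the pattern the first post asks about, where a request header is resolved to a user through a key-value store, shown with and without the account-state checks. The class and method names, the key prefix, and the hashes standing in for Redis and the user table are all assumptions.

```ruby
# Hypothetical illustration; every name below is an assumption, not Discourse's API.
User = Struct.new(:id, :suspended, :active, :last_seen_at, :ip_address, keyword_init: true)

class SharedKeyUserProvider
  HEADER = "HTTP_X_SHARED_SESSION_KEY"
  KEY_PREFIX = "shared_key:" # constructed prefix for this example

  # store: Hash standing in for Redis (key => user id as a string)
  # users: Hash standing in for the user table (id => User)
  def initialize(store, users, clock: -> { Time.now })
    @store = store
    @users = users
    @clock = clock
  end

  # Header resolves straight to a user; no account-state checks are applied.
  def lookup_without_checks(env)
    user_for(env)
  end

  # Same lookup, but the result passes the gate a cookie login would pass:
  # suspended or inactive accounts are rejected, and activity is recorded.
  def lookup_with_checks(env)
    user = user_for(env)
    return nil if user.nil? || user.suspended || !user.active
    user.last_seen_at = @clock.call
    user.ip_address = env["REMOTE_ADDR"]
    user
  end

  private

  def user_for(env)
    key = env[HEADER]
    return nil if key.nil? || key.empty?
    id = @store["#{KEY_PREFIX}#{key}"]
    id && @users[id.to_i]
  end
end

# Constructed sample data: user 2 is suspended.
USERS = {
  1 => User.new(id: 1, suspended: false, active: true),
  2 => User.new(id: 2, suspended: true, active: true)
}
STORE = { "shared_key:aaa" => "1", "shared_key:bbb" => "2" }
```
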