fixes #4776 - support session[:expires_at] for api requests
There are situations where the UI needs to invoke requests on the API controllers; therefore, we need to ensure that the session expiration accounts for them. This is a common for plugins, such as Katello, which leverage the APIs extensively to support both the web UI and CLI.
With these changes, if an API request is received with session[:expires_at], it will be evaluated and updated by the server. This will be the case for requests from the web-UI.
If an API request is received without session[:expires_at], no evaluation or updating of an expiration timer will be performed. This latter case is the existing behavior for the API requests (e.g via API or CLI) and will continue to be supported.
fixes #4776 - support session[:expires_at] for api requests
There are situations where the UI needs to invoke requests
on the API controllers; therefore, we need to ensure that
the session expiration accounts for them. This is a common
for plugins, such as Katello, which leverage the
APIs extensively to support both the web UI and CLI.
With these changes, if an API request is received with
session[:expires_at], it will be evaluated and updated by the
server. This will be the case for requests from the web-UI.
If an API request is received without session[:expires_at],
no evaluation or updating of an expiration timer will
be performed. This latter case is the existing behavior
for the API requests (e.g via API or CLI) and will continue
to be supported.