Forever sessions
- Tutorial
Setting up user session tokens so that the session may be refreshed indefinitely without providing credentials again. This is similar to the Facebook model, where a device remains logged into an account forever, unless explicitly logged out.
- Background
This tutorial builds on the concepts covered in Access using JWT and API Key and Refreshing a JWT.
You may configure user sessions to never expire. This means that a session may be refreshed forever without providing the user's credentials again. The initial session_token will be valid until the token TTL (time-to-live) expires, after which a new session_token value may be obtained by simply refreshing the original session. This may be repeated for the same session indefinitely, or until an explicit logout (session deletion).
- Configuration
To set up forever sessions, we will configure DF_ALLOW_FOREVER_SESSIONS and DF_JWT_TTL in the .env file. The .env file for a DreamFactory instance is located at the installation's root directory. Note that DF_JWT_REFRESH_TTL will be ignored once DF_ALLOW_FOREVER_SESSIONS is set to true.
1. Set DF_ALLOW_FOREVER_SESSIONS
2. Set DF_JWT_TTL
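An added example, not part of the original tutorial or DreamFactory's own code: a shell check that reads a .env file and reports the session policy it configures, including that DF_JWT_REFRESH_TTL is ignored once forever sessions are on. The function names, sample files and values are constructed, and treating an unset DF_ALLOW_FOREVER_SESSIONS as off is an assumption.

```shell
#!/bin/sh
# Added example: report the session policy a DreamFactory .env file configures.
# The function names and the sample files below are constructed for illustration.

# env_value FILE KEY: print the last uncommented KEY=value (empty if unset).
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" | tail -n 1 | tr -d "\"' \t\r"
}

# session_policy FILE: print a one-line summary of the session settings.
# Assumption: an unset DF_ALLOW_FOREVER_SESSIONS is treated as off.
session_policy() {
    forever=$(env_value "$1" DF_ALLOW_FOREVER_SESSIONS | tr 'A-Z' 'a-z')
    ttl=$(env_value "$1" DF_JWT_TTL)
    refresh=$(env_value "$1" DF_JWT_REFRESH_TTL)
    if [ "$forever" = "true" ]; then
        # Refresh never expires: only an explicit logout ends the session.
        echo "forever=on ttl=${ttl:-default} refresh_ttl=ignored"
    else
        echo "forever=off ttl=${ttl:-default} refresh_ttl=${refresh:-default}"
    fi
}

# Constructed sample files, removed again when the script exits.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/forever.env" <<'EOF'
DF_ALLOW_FOREVER_SESSIONS=true
DF_JWT_TTL=60
DF_JWT_REFRESH_TTL=20160
EOF

cat > "$demo_dir/bounded.env" <<'EOF'
#DF_ALLOW_FOREVER_SESSIONS=true
DF_JWT_TTL=60
DF_JWT_REFRESH_TTL=20160
EOF

for f in "$demo_dir"/*.env; do
    printf '%s: %s\n' "${f##*/}" "$(session_policy "$f")"
done
```

Running the same check against each instance's .env shows where sessions end only on explicit logout, which is where session deletion on device loss or account compromise matters most.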
- Example: using the admin app GUI
1. Create a role with the desired access.
- Navigate to 'Roles' > 'Create', enter 'Name' and 'Description' values, and check the box labeled 'Active'.
- Example: calling the API directly
The API calls below are made with cURL for simplicity.
1. Instantiate an admin session.
- Since the below changes are made to system resources, an Admin user session must be used to make these API calls. (Refer to the Logging In and Access Using JWT tutorials for details.)
- Testing
To test from the REST API client or app of your choice, simply make an unauthenticated API call to the resource(s) you've made available using the API key you've created.
- Using cURL
To list the contents of the images folder from cURL:
- Using a REST client
From a REST client such as the Postman extension for Google Chrome, to list the contents of the images folder: