Increase in anonymous handshakes and tokenrevoked messages
Revoke by realtime client was shipped in 19.1.0 on 2018-5-22, https://gitlab.com/gitlab-org/gitter/webapp/merge_requests/1155
But we only started revoking people in 19.4.0 on 2018-6-11 which lines up with when this graph increased
I think this is caused by the
gitter-realtime-client
usage within the desktop app (not within thewebapp
which has already signed them out). We use thegitter-realtime-client
separately in the desktop app to update the task bar and tray menu with unreads. The realtime client will handle "Reinitialisation of state after client disconnections" and doesn't have anything in place to stop reconnecting after a401
/403
like we have in thewebapp
.These people haven't noticed that Gitter has revoked them because they just leave it running in the background.
For the future, we should fix the gitter-realtime-client
in the desktop app to not reconnect after 401
/403
, https://gitlab.com/gitlab-org/gitter/desktop/issues/253
tokenrevoked
messages (started mid-day on 2018-6-11)
Increase in
I would expect a jump in tokenrevoked
messages in 19.4.0 on 2018-6-11 but I also expect to that have died down as people upgrade their desktop client to v4. The v3 desktop app is useless at this point because it is revoked.
Solution
To fix the current solution
-
Increase advice.interval
to a large number of seconds whenadvice.reconnect === 'none'
as it shouldn't try to re-connect anyway but flawed clients may not comply (like Gitter desktop v3), (related https://gitlab.com/gitlab-org/gitter/desktop/issues/253)- Shipped in 19.6.0 (2018-6-18), https://gitlab.com/gitlab-org/gitter/webapp/merge_requests/1186
For future situatons,
-
Release a new version of halley
(see differences from latest release0.4.8
and currentmaster
)- This has a fix to not try to reconnect after
advice.reconnect === 'none'
-
v0.6.0
released, https://gitlab.com/gitlab-org/gitter/halley/merge_requests/7
- This has a fix to not try to reconnect after
-
Update gitter-realtime-client
with updatedhalley
dep, https://gitlab.com/gitlab-org/gitter/realtime-client/merge_requests/22 -
Update Gitter desktop app with new gitter-realtime-client
, https://gitlab.com/gitlab-org/gitter/desktop/merge_requests/212 -
Update Gitter desktop app with same accessTokenFailureExtension
we use in thewebapp
, https://gitlab.com/gitlab-org/gitter/desktop/issues/253 -
Update webapp
with newgitter-realtime-client
, https://gitlab.com/gitlab-org/gitter/webapp/merge_requests/1190 -
Revert https://gitlab.com/gitlab-org/gitter/webapp/merge_requests/1185