Google Git
Sign in
chromium / chromium / src / 3847f58ec94bfc1f8f93b51b1de8575b621140ab
commit3847f58ec94bfc1f8f93b51b1de8575b621140ab[log] [tgz]
authorJoe Downing <joedow@google.com>Mon Jul 28 22:55:15 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon Jul 28 22:55:15 2025
tree2819546b7c264eea1d7f6bbbc1a9713758e8fb5b
parent22d9b010ae92b05ed70366a8792056fddbaed26d [diff]
Modify reauth interval calculation to handle larger expiration values

The original reauth token lifetime was hard-coded to 10 minutes. I've
modified the Cloud SessionAuthz logic to allow the admin to define the
period such that they can decide on the trade-off between session
disconnection response time and resource usage for the queries needed
to determine whether the session is authorized.

If the admin chooses a value like '24 hours' then the current logic
will begin retrying at the 12 hour mark. If there is an error, then
the retries will continue over that 12 hour period.  I think we
should tighten this up and enforce a minimum reauth interval of 2.5
minutes and a maximum of ~10 minutes. This will potentially reduce
load on our services (if Cloud hosts are used with large'ish reauth
expirations) and keep the behavior more inline with the expectation of
the admin wrt resource usage when enabling the feature.

Change-Id: I8a83307962a65727ed82eeefdcf414a56bfc5cde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6785639
Auto-Submit: Joe Downing <joedow@chromium.org>
Reviewed-by: Yuwei Huang <yuweih@chromium.org>
Commit-Queue: Joe Downing <joedow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1493159}
2 files changed
tree: 2819546b7c264eea1d7f6bbbc1a9713758e8fb5b
  1. .github/
  2. agents/
  3. android_webview/
  4. apps/
  5. ash/
  6. base/
  7. build/
  8. build_overrides/
  9. buildtools/
  10. cc/
  11. chrome/
  12. chromecast/
  13. chromeos/
  14. codelabs/
  15. components/
  16. content/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia_web/
  23. gin/
  24. google_apis/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. net/
  33. pdf/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. clusterfuzz-data
  51. internal
  52. ios_internal
  53. signing_keys
  54. v8
  55. .clang-format
  56. .clang-tidy
  57. .clangd
  58. .cursorignore
  59. .geminiignore
  60. .git-blame-ignore-revs
  61. .gitallowed
  62. .gitattributes
  63. .gitignore
  64. .gitmodules
  65. .gn
  66. .mailmap
  67. .rustfmt.toml
  68. .vpython3
  69. .yapfignore
  70. ATL_OWNERS
  71. AUTHORS
  72. BUILD.gn
  73. CODE_OF_CONDUCT.md
  74. codereview.settings
  75. CPPLINT.cfg
  76. CRYPTO_OWNERS
  77. DEPS
  78. DIR_METADATA
  79. LICENSE
  80. LICENSE.chromium_os
  81. OWNERS
  82. PRESUBMIT.py
  83. PRESUBMIT_test.py
  84. PRESUBMIT_test_mocks.py
  85. README.md
  86. SECURITY_OWNERS
  87. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.