Tuesday 11 June 2013

Changing the way User Sessions are handled by TeamMentor (will be 3.3 Release HotFix 3)

One feature we introduced in TeamMentor 3.3 was the limitation of only allowing one user session to be active at any given time.

This had the nice side effect of 'preventing user account reuse'.

In practice, this meant that TM users had to stop using shared accounts (like the admin account), which was a good thing.

But, it created nasty side effects where the user can only be logged in once across all its devices. And an even worse side-effect happened when we implemented a SSO solution for a client, and we realized that for the cases where there was one SSO token shared across multiple users, we would have to create an TM account per user session!

So we went back to the Concurrent Logins Have Broken  issue, reopened it and changed it priority to P0 (which means that this will be another 3.3 HotFix)

The rest of this post shows the workflow that I took when making the code 3.3 HotFix #3 changes, testing them and pushing the new version to GitHub.


Going from one active session to multiple active sessions

This is quite a significant change to TeamMentor, and one that will really push the UnitTests usage to its limits.

Since there were a number of code changes that needed to be made (which would affect both TM user session behavior and the methods available), my first step was to actually make the changes to the backend TeamMentor.CoreLib.dll:

New UserSession class:

image

New Sessions object in the main TMUser class:

image

An extension method to add a new session to a user object:

image

And an extension method to remove a session from a user object

image

Once I had these code changes and the entire solution was compiling (with some minor changes to existing UnitTests), I committed them using:

image

Next I executed the existing UnitTest (note that I will still add a number of tests focused on the expected new multiple SessionId behaviour)

The good news is that there are only a couple broken tests:

image

With the errors that matter being the ones in the Test_Users_Sessions class

image

The changes were quite minor, and after a bit I had all tests running again:

image

Now it was time to add Tests to check for the new UserSession class and the ability to have multiple sessions happening at the same time

At this stage I’ve installed NCrunch (see Trying out NCrunch) and I’m going to try to use it to create these tests.

I started with this one:

image

And ended up with a nice number of tests that covered a wide range of scenarios, while fixing a couple bugs with the original implementation of the new session code (see if you can stop them):

UnitTest: UserSession_Object

image

UnitTest: ResetSessions

image

UnitTest: MultipleLoginSessions_Two_Users:

image

UnitTest: MultipleLoginSessions_One_User:

image

Now that it all looks good, I’m going to (for the first time) fire up a browser, and try it out:

image

And it works :)

The image above shows two chrome sessions (one normal and one in incognito mode), both logged in as the user admin (before this would had logged out the first browser session (since there could only be one valid user session)).

A quick look at the admin user’s xml also confirms that there are two sessions in there:

image

And if we logout from one of the browser sessions:

image

… the User’s xml file will now only contain one Session item (and note the extra User Activity line with an User Logout entry)

image

... which is the exact behavior that we want :)

So the final steps are to commit the changes:

image

... push the changes to the main TeamMentor/Master repository

image

... and ping the QA team to take a look at it