CloudNebulaProject/wayray
1
0
Fork 0
mirror of https://github.com/CloudNebulaProject/wayray.git synced 2026-04-10 13:10:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
wayray/docs/ai/adr/004-session-management.md
Till Wegmueller 167c6c17c6
Add project documentation, architecture decisions, and usage book 
Comprehensive documentation for WayRay, a SunRay-like thin client
Wayland compositor targeting illumos and Linux:

- CLAUDE.md: project context and conventions
- docs/ai/plans: 6-phase implementation roadmap
- docs/ai/adr: 9 architecture decision records (Smithay, QUIC,
  frame encoding, session management, rendering, audio, project
  structure, illumos support, pluggable window management)
- docs/architecture: system architecture overview with diagrams
- docs/protocols: WayRay wire protocol specification
- book/: mdbook user guide (introduction, concepts, server/client
  guides, admin, development)
- RESEARCH.md: deep research on remote display protocols
2026-03-28 20:47:16 +01:00

4.2 KiB
Raw Permalink Blame History

ADR-004: Session Management and Hot-Desking

Status

Accepted

Context

SunRay's defining feature was session mobility: users could pull their smart card, walk to any terminal, insert the card, and their entire desktop appeared in under a second. WayRay must replicate this capability with modern technology.

Design

Session Lifecycle

                    token insert
    [No Session] ───────────────> [Creating]
                                      │
                                      v
                    ┌──────────> [Active] <──────────┐
                    │                 │               │
                    │    token remove │  token insert  │
                    │                 v    (new client)│
                    │           [Suspended] ──────────┘
                    │                 │
                    │      timeout    │
                    │                 v
                    │           [Destroyed]
                    │
                    │  client reconnect
                    └──── (same token)

Session Identity

  • Each session is bound to a token (smart card ID, badge ID, or software token)
  • The token is NOT the user's identity -- it's a session locator
  • Authentication happens separately via PAM after session attachment
  • Multiple tokens can map to the same user (e.g., badge + phone NFC)

Session Storage

  • Active session state: in-memory (fast lookup)
  • Session metadata (token mappings, user associations): SQLite via SeaORM
  • Session registry for multi-server: distributed key-value store (etcd or custom)

Hot-Desking Flow

  1. Client connects to any WayRay server with a token
  2. Server checks local session registry for token
  3. If not found locally, queries other servers in the group
  4. If session found on another server:
    • Source server suspends the session (detaches from old client)
    • Source server provides session endpoint to requesting server
    • Client is redirected to the source server
    • Session resumes on source server with new client
  5. If no session exists: create new session, authenticate user via PAM
  6. Entire flow target: < 500ms

Session Suspension

When a token is removed or client disconnects:

  • Compositor continues running (all applications stay alive)
  • Frame rendering pauses (no ExportMem, save CPU)
  • Network streams close gracefully
  • Session enters Suspended state with configurable timeout (default: 24 hours)
  • After timeout: session destroyed, all applications terminated

Options Considered for Token Mechanism

1. Smart Card (PC/SC)

  • Direct SunRay heritage
  • Requires hardware on client (smart card reader)
  • Well-suited for enterprise/government environments
  • Libraries: pcsc-rust crate

2. NFC / RFID

  • Modern equivalent of smart card
  • Phone-based NFC as software token
  • Lower-friction than smart card insertion

3. Software Token

  • UUID-based token stored on client device
  • No hardware required
  • Can be combined with TOTP/FIDO2 for security
  • Most accessible for development and lightweight deployments

4. All of the above (pluggable)

  • Token is an opaque identifier; the mechanism doesn't matter to session management
  • Different authentication backends provide tokens via a trait

Decision

Pluggable token system with software tokens as the default, smart card and NFC as optional backends.

trait TokenProvider {
    fn token_inserted(&self) -> Option<SessionToken>;
    fn token_removed(&self) -> bool;
    fn watch(&self) -> TokenEventStream;
}

Rationale

  • Session mobility is the core differentiator; it must work across arbitrary token types
  • Software tokens lower the barrier to entry (no hardware needed)
  • Smart card support honors the SunRay heritage for enterprise deployments
  • Pluggable design avoids committing to a single mechanism

Consequences

  • Must handle race conditions: token inserted on two clients simultaneously
  • Session redirect adds latency; must be optimized carefully
  • Multi-server session registry is a distributed systems problem (consistency vs availability)
  • Software tokens are less secure than hardware tokens (can be copied); mitigate with device binding