You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Long-running scripts (e.g. processing 20k secrets) routinely hit session-token expiry mid-run. The TssSession object already exposes CheckTokenTtl() and SessionRefresh() (see Example 6 on New-TssSession), but callers have to remember to wire them in.
Proposed
Built-in warning. When a cmdlet is called against a session whose token is within N minutes of expiry, emit a Write-Warning ("session token expires in 2m; consider calling \$session.SessionRefresh()"). Threshold configurable on the session object (default ~3 minutes to match the existing Example 6 pattern).
Opt-in auto-refresh. Add an -AutoRefresh switch on New-TssSession (or an AutoRefreshThreshold property on the TssSession) so that every cmdlet call invokes SessionRefresh() automatically when the token TTL drops under the threshold. Bound by the Maximum Token Refreshes Allowed server config — the module should track refreshes used and surface a warning when nearing the limit so the script can react before authentication starts failing outright.
Docs. Promote the existing CheckTokenTtl / SessionRefresh pattern from "Example 6" buried in New-TssSession to a dedicated subsection on the Authentication page so users find it before hitting the wall.
Considerations
Warning Search-TSSSecret and inactive secrets #1 should be cheap (just compare against TimeOfDeath already on the session) and shouldn't spam — emit once per token, not per cmdlet call.
Auto-refresh New-TssSession not clearing object on bad login #2 needs to handle the refresh-limit-exceeded case gracefully and emit a clear terminal error when out of refreshes (vs. the current opaque server error).
Both should be opt-in to preserve existing script behavior.
Originated from discussion #199.
Long-running scripts (e.g. processing 20k secrets) routinely hit session-token expiry mid-run. The
TssSessionobject already exposesCheckTokenTtl()andSessionRefresh()(see Example 6 onNew-TssSession), but callers have to remember to wire them in.Proposed
Built-in warning. When a cmdlet is called against a session whose token is within N minutes of expiry, emit a
Write-Warning("session token expires in 2m; consider calling\$session.SessionRefresh()"). Threshold configurable on the session object (default ~3 minutes to match the existing Example 6 pattern).Opt-in auto-refresh. Add an
-AutoRefreshswitch onNew-TssSession(or anAutoRefreshThresholdproperty on theTssSession) so that every cmdlet call invokesSessionRefresh()automatically when the token TTL drops under the threshold. Bound by theMaximum Token Refreshes Allowedserver config — the module should track refreshes used and surface a warning when nearing the limit so the script can react before authentication starts failing outright.Docs. Promote the existing
CheckTokenTtl/SessionRefreshpattern from "Example 6" buried inNew-TssSessionto a dedicated subsection on the Authentication page so users find it before hitting the wall.Considerations
TimeOfDeathalready on the session) and shouldn't spam — emit once per token, not per cmdlet call.