Question about authenticating and persistence with API

Hello,

I'm in the process of creating a PowerShell module to learn a bit more and am working against 6.0. I am able to generate a SID and do various functions. My question is: is it better to keep the SID alive, or to generate a SID and destroy it after my function?

1st process

1. Generate Sid
2. Do one or more functions
3. Let Sid die after not being used

2nd process

1. Call function
2. Generate Sid
3. Do Function
4. Kill Sid via https://ftl.pi-hole.net/development-v6/docs/#delete-/auth

It depends: if you have a persistent session storage option, then the former. If your script runs are always independent and cannot remember previously generated sessions, the latter.

The reason is that there is a limited number of concurrently allowed sessions for performance, memory efficiency and also brute-force protection reasons. This limit can be configured through webserver.api.max_sessions but it defaults to a rather low number (currently 16).

Note that sessions live for a certain time until they are freed again; this is controlled by the setting webserver.session.timeout, which currently defaults to 3 minutes. This means that if you are simply "letting sessions die", your script will not be able to run more often than 16 times in 3 minutes (or whatever a user has configured as limits).

Hence, you should always clean up the sessions or be able to store them locally somewhere to retrieve and reuse them if they are still valid.

Thanks. I'm creating a PowerShell module that will use each API endpoint. Right now I have a PowerShell command that generates the Sid and each PowerShell function I call has a SID parameter. I'm also creating a $ENV:PI_HOLE_SID that can be fed so it will be more seamless. We'll see how this works. Thank you.
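
The two patterns discussed in this thread (reuse a stored SID while it is still valid, otherwise log in and always delete the session afterwards) can be combined in one wrapper. This is an added example, not part of any post above and not Pi-hole's own code; the function names are hypothetical, and the `/api/auth` path, the `X-FTL-SID` header and the `session.valid` / `session.sid` response fields are assumed from the v6 API documentation and should be checked against your instance.

```powershell
# Added example. Assumed: /api/auth (GET/POST/DELETE), X-FTL-SID header,
# and a JSON response of the form { session = { valid, sid, message } }.
function Test-PiHoleSid {
    param([string]$BaseUrl, [string]$Sid)
    if (-not $Sid) { return $false }
    try {
        $r = Invoke-RestMethod -Method Get -Uri "$BaseUrl/api/auth" `
            -Headers @{ 'X-FTL-SID' = $Sid }
        return [bool]$r.session.valid
    } catch {
        return $false   # expired, rejected or unreachable: do not reuse
    }
}

function Invoke-WithPiHoleSession {
    param(
        [Parameter(Mandatory)][string]$BaseUrl,
        [Parameter(Mandatory)][securestring]$Password,
        [Parameter(Mandatory)][scriptblock]$Action
    )
    $sid = $env:PI_HOLE_SID      # persistent storage, as in the last post
    $created = $false
    if (-not (Test-PiHoleSid -BaseUrl $BaseUrl -Sid $sid)) {
        $plain = [System.Net.NetworkCredential]::new('', $Password).Password
        $body = @{ password = $plain } | ConvertTo-Json
        $r = Invoke-RestMethod -Method Post -Uri "$BaseUrl/api/auth" `
            -Body $body -ContentType 'application/json'
        if (-not $r.session.valid) { throw "Login failed: $($r.session.message)" }
        $sid = $r.session.sid
        $created = $true
    }
    try {
        & $Action $sid           # caller's work, one or more API calls
    } finally {
        # Only delete sessions created here, so a reused SID stays valid
        # for the caller that stored it. Runs even if $Action throws.
        if ($created) {
            try {
                Invoke-RestMethod -Method Delete -Uri "$BaseUrl/api/auth" `
                    -Headers @{ 'X-FTL-SID' = $sid } | Out-Null
            } catch {
                Write-Warning "Session cleanup failed; it will occupy a slot until webserver.session.timeout expires."
            }
        }
    }
}
```

Because the cleanup sits in `finally`, a failing API call inside `$Action` does not leave a session behind to count against `webserver.api.max_sessions`. The SID is a bearer credential, so an environment variable holding it is visible to any child process started from that shell.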