Bug - out of date package torus stepping on global

[ianlivingstone]

If you have installed Torus globally (using brew install or npm install -g), and then install torus locally as a package in your package.json. If the versions between the two get out of sync they'll step on one another resulting in a user always being asked to login.

[ianlivingstone]

I'm not exactly sure what we can do to fundamentally solve this bug, as the script (e.g. npm start ) will use the version of Torus in node_modules but a user would use the globally installed one.

We can make it less likely to happen by separating out version from protocol, but it wouldn't fundamentally solve this bug.

[ianlivingstone]

Thoughts @jbowes @mattcreager ?

[johnstonmatt]

Does a session need to be invalidated on upgrade? and if it does, maybe the versions are locked symetrical via package-lock.json or yarn.lock

[ianlivingstone]

Does a session need to be invalidated on upgrade? and if it does, maybe the versions are locked symetrical via package-lock.json or yarn.lock

A session is not stored on disk, instead, it's kept in memory inside the torus daemon. When an upgrade happens and the daemon is restarted the session is lost!