It seems that when user suspends his computer zrok-agent has no opportunity to send unaccess request for frontend to zrok controller. There is no SIGTERM in this case.
Understood. There are changes coming to improve the agent in several ways, which should cover this scenario.
It will be great!
On top of suspend/hibernate there is another problem. On a very old linux systemd --user does not kill user's processes:
When #Automatic start-up of systemd user instances is enabled, the instance is started on boot and will not be killed.
The default value KillUserProcesses was changed but people still use old linux.
So this pc never sends unaccess request and every day creates new tokens. From time to time I need to manually delete them:
curl -s -H "X-TOKEN: secret" -X DELETE -H "Content-Type: application/zrok.v1+json" -d '{"envZId": "ziti_Id","frontendToken":"token","shareToken":"share_name" }' https://domain.name:port/api/v1/unaccess
I hope that there is no danger to let the phantom tokens be active for a some time in the database. Then I remove these tokens by a bash script at once.