fix(session): scope RDM jump host discovery to the current Windows session

[Richard Markiewicz (thenextman)]

When jumping a connection through a remote host via the Devolutions Agent, the second concurrent jump by the same user failed with "Devolutions agent is not available on the jump host", but only when the jump host allows multiple simultaneous logins per user (i.e. Restrict each user to a single session is disabled). The first jump always worked; subsequent ones were session-dependent.

Root cause was in devolutions-session (dvc/rdm.rs). The agent and the jump-host RDM rendezvous over a named pipe / ready event whose names are built from {session_id}-{pid}. find_rdm_pid() located the RDM instance with a machine-wide process snapshot matched only on executable path, but no session filter. So in a second session it returned an RDM PID belonging to a different session, and the resulting names mixed the current session id with a foreign PID and never matched what any RDM instance had registered → timeout → "agent not available."

Two secondary defects compounded it:

• The PID-hint file (meant to re-attach to the same RDM instance across the agent's per-reconnect restarts, including disambiguating multiple RDM instances in multi-instance mode) used a single fixed per-user path and was opened write-only + truncate-on-read, so reads always failed — the hint was effectively dead, and the file was shared across same-user sessions.
• A missing hint file was logged as a warning even though it is the normal first-connection state.

Resolution

All changes are internal to devolutions-session — the pipe/event naming contract with RDM is unchanged, so mixed agent/RDM versions interoperate and no RDM-side change is needed.

• Session-scoped discovery (primary fix): find_rdm_pid() now resolves the current Windows session and skips any process not in it (process_id_to_session(pid) == current_session), so only an in-session RDM can ever be selected. This also inherently validates the hinted PID.
• Session-scoped hint file: renamed to devolutions-session-rdm-{session_id}.pid so concurrent same-user sessions no longer share or clobber it.
• Repaired hint read/write: switched to std::fs::read_to_string / std::fs::write, restoring the intended same-instance re-attach (relevant for multi-instance mode).
• Stale-hint cleanup: when a hint no longer resolves to a live in-session RDM, the file is removed so it can't linger between sessions that reuse a session id.
• Quieter logging: a missing hint file (NotFound) is treated as "no hint" rather than a warning; only real I/O/parse errors warn.

Risk / compatibility

Low. The fix only narrows which candidate RDM process is chosen — attaching to a different-session RDM never worked, so no behaviour is regressed. No protocol or RDM-side changes; the only migration artifact is a now-unused old-format hint file in temp, which is harmless and self-clears.

Issue: DGW-402

[github-actions]

Let maintainers know that an action is required on their side

• Add the label release-required Please cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module) when you request a maintainer to cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module)

• Add the label release-blocker Follow-up is required before cutting a new release if a follow-up is required before cutting a new release

• Add the label publish-required Please publish libraries (`Devolutions.Gateway.Utils`, OpenAPI clients, etc) when you request a maintainer to publish libraries (Devolutions.Gateway.Utils, OpenAPI clients, etc.)

• Add the label publish-blocker Follow-up is required before publishing libraries if a follow-up is required before publishing libraries

[Copilot]

Pull request overview

This PR fixes RDM (Remote Desktop Manager) “jump host” discovery to only consider RDM instances running in the current Windows session, preventing cross-session collisions when the same user has multiple concurrent sessions.

Changes:

• Scope RDM process enumeration to the current Windows session via process_id_to_session.
• Replace the PID hint NamedTempFile approach with a deterministic per-session PID hint file in the user temp directory.
• Add stale PID hint cleanup when the hint no longer resolves to a live RDM instance in the current session.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.