Bug 1161730
| Summary: | Logout must logout all sessions | ||
|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | Alon Bar-Lev <alonbl> |
| Component: | ovirt-engine-webadmin | Assignee: | Vojtech Szocs <vszocs> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Gonza <grafuls> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 3.3 | CC: | bugs, ecohen, gklein, grafuls, iheim, lsurette, mgoldboi, rbalakri, s.kieske, vszocs, yeylon |
| Target Milestone: | --- | ||
| Target Release: | 3.5.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | ux | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-01-21 16:03:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | UX | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1172703 | ||
| Bug Blocks: | 1167166 | ||
|
Description
Alon Bar-Lev
2014-11-07 17:53:20 UTC
actually since 3.2.2 this should block 3.5.1 release, if it's urgent :) Which version is this fixed on? This issue is still appearing on: rhevm-3.5.0-0.23.beta.el6ev.noarch Steps used to reproduce: 1. Logged in through webadmin and through the API with a session cookie 2. Signed out on webadmin 3. Called the API with the same session cookie and it returned a succesful result (In reply to grafuls from comment #3) > Which version is this fixed on? please try use this repo[1] [1] http://bob.eng.lab.tlv.redhat.com/builds/latest_vt/ Same result, for that version which I hope it's the following:
# yumdb info rhevm
Loaded plugins: product-id, versionlock
rhevm-3.5.0-0.23.beta.el6ev.noarch
changed_by = 0
checksum_data = 5c7174bd1d292a6c388b8d88ab1bb15cbd28cddac74719db0d29422cf4c86248
checksum_type = sha256
from_repo = rhevm35
from_repo_revision = 1417692417
from_repo_timestamp = 1417692437
installed_by = 0
reason = user
releasever = 6Server
as far as I can see 45fc369a is applied in this package. please explain what is: "Logged in through webadmin and through the API with a session cookie" I logged in to the engine webadmin through: http://[engine-IP]/ovirt-engine/webadmin/ For the RestAPI I connected following this: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html-single/Technical_Guide/index.html#Authentication_Sessions (In reply to grafuls from comment #7) > I logged in to the engine webadmin through: > http://[engine-IP]/ovirt-engine/webadmin/ > > For the RestAPI I connected following this: > https://access.redhat.com/documentation/en-US/ > Red_Hat_Enterprise_Virtualization/3.4/html-single/Technical_Guide/index. > html#Authentication_Sessions you created a separate session that is detached from the webadmin session, so it has its own life cycle. we discuss here the restapi restapi session that is created by webadmin and transfered to ui-plugins for example. Verified on: rhevm-3.5.0-0.23.beta.el6ev.noarch Steps: 1. Logged in through webadmin and 2 session cookies were created, one for webadmin and one for API. 2. Tried to access the API with same cookie headers via curl and got a succesful response. 3. Logged out from webadmin and tried to access the API through curl with the previous cookie headers but got a 401 response requesting for http authentication. oVirt 3.5.1 has been released. If problems still persist, please make note of it in this bug report. |