Bug 1338013

Summary: User session is not isolated when simultaneous logins with same credentials
Product: Red Hat Satellite
Reporter: Bruno Rocha <rochacbruno>
Component: Users & Roles
Assignee: Ivan Necas <inecas>
Status: CLOSED DEFERRED
QA Contact: Katello QA List <katello-qa-list>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 6.2.0
CC: bbuckingham, bkearney, dhlavacd, inecas, mhulan, sthirugn, tomckay
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-14 17:23:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Bruno Rocha 2016-05-20 17:22:14 UTC
Created attachment 1160019
Screen Recording showing the session sharing for simultaneous users

Description of problem:

Many companies keep the bad practice of sharing the same admin user and password across all the associates.

In Satellite, if simultaneous users log in using the same credentials, the session context is not isolated.

So changes of organization context in one will reflect in all the other sessions.


Version-Release number of selected component (if applicable):

Sat 6.2 - RHEL7 

How reproducible:

Always (when two or more users log in using the same credentials)

Steps to Reproduce:
Take a look at the attached screen record.

Actual results:

Organization changes in one session reflect in all the others


Expected results:

Session context isolation
or
Preventing users from logging in if there is an active session


Additional info:
attached video
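
The isolation failure described above, as an added example that is not part of the original report and not Satellite or Foreman code. It assumes the selected organization is held server-side and keyed by user rather than by session (the report does not say how the context is stored); `ContextStore`, `sessions_isolated?` and the sample names are hypothetical.

```ruby
require 'securerandom'

# Constructed model, not Satellite/Foreman code. Assumption: the selected
# organization is kept server-side, keyed either by user or by session.
class ContextStore
  def initialize(key_by:)
    @key_by = key_by   # :user (shared context) or :session (isolated)
    @sessions = {}     # session id => login name
    @context = {}      # user or session id => selected organization
  end

  # Each login gets its own session id, even with identical credentials.
  def login(user)
    sid = SecureRandom.hex(16)
    @sessions[sid] = user
    sid
  end

  def switch_org(sid, org)
    @context[key_for(sid)] = org
  end

  def current_org(sid)
    @context.fetch(key_for(sid), 'Default Organization')
  end

  private

  def key_for(sid)
    user = @sessions.fetch(sid) { raise ArgumentError, 'unknown session' }
    @key_by == :user ? user : sid
  end
end

# Regression check: two logins with the same credentials; a context switch
# in one session must not be visible in the other.
def sessions_isolated?(store)
  a = store.login('admin')
  b = store.login('admin')
  before = store.current_org(b)
  store.switch_org(a, 'Org B')
  store.current_org(a) == 'Org B' && store.current_org(b) == before
end

puts "keyed by user:    isolated=#{sessions_isolated?(ContextStore.new(key_by: :user))}"
puts "keyed by session: isolated=#{sessions_isolated?(ContextStore.new(key_by: :session))}"
```

The same two-login check can run in automation against a shared account, which avoids creating and deleting a user per test once isolation holds.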

Comment 3 Ivan Necas 2016-05-23 19:36:46 UTC
Created redmine issue http://projects.theforeman.org/issues/15150 from this bug

Comment 4 Ivan Necas 2016-05-23 19:40:45 UTC
Proposed fix at https://github.com/theforeman/foreman/pull/3544

Comment 6 sthirugn@redhat.com 2016-06-03 18:30:20 UTC
It looks like the fix is already in upstream. Can we get this in for GA? We are doing a time-consuming workaround (create/delete a new user for each test) in automation because of this issue.

Comment 9 Bryan Kearney 2017-03-14 17:23:40 UTC
An upstream issue has been opened for this. When this is fixed, the next version of Satellite will contain the fix. We will no longer be tracking this downstream. If you feel this was closed in error, please feel free to re-open with additional information.