Bug 1757423

Summary: Users immediately logged out from User portal due to negative UserSessionTimeOutInterval
Product: Red Hat Enterprise Virtualization Manager Reporter: Jaroslav Spanko <jspanko>
Component: ovirt-web-uiAssignee: Sharon Gratch <sgratch>
Status: CLOSED ERRATA QA Contact: Ivana Saranova <isaranov>
Severity: low Docs Contact:
Priority: low    
Version: 4.3.5CC: lsvaty, michal.skrivanek, mtessun, pelauter, rdlugyhe, sgratch
Target Milestone: ovirt-4.3.8Keywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-web-ui-1.6.0-2 Doc Type: Bug Fix
Doc Text:
Normally, when the "UserSessionTimeOutInterval" is set to a negative value such as "-1", the user remains logged into the VM Portal indefinitely. However, in RHV version 4.5.3.6, a negative value automatically logged the user out immediately. The current release fixes this issue, such that, with the value set to -1, the user is never automatically logged out, as expected per the config value definition in ovirt-engine engine-config.properties: "A negative value indicates that sessions never expire.": https://github.com/oVirt/ovirt-engine/blob/e0940bd9b768cb52c78f9e0d0c97afd6de7ac8a5/packaging/etc/engine-config/engine-config.properties#L218-L220
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-13 15:24:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: UX RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jaroslav Spanko 2019-10-01 13:35:32 UTC 
Description of problem:
After upgrade to 4.3.5.6 users are immediately logged out from User portal after login due to negative UserSessionTimeOutInterval: -1

Version-Release number of selected component (if applicable):
4.3.5.6

How reproducible:
100%

Steps to Reproduce:
1. upgrade to 4.3.5.6 
2. set UserSessionTimeOutInterval=-1
3. try login to User portal

Actual results:
Immediately logged out  

Expected results:
If the user decides that his UserSessionTimeOut = -1, he wouldn't logout.

Additional info:
https://github.com/oVirt/ovirt-web-ui/pull/1087
Comment 1 Michal Skrivanek 2019-10-02 04:49:01 UTC 
This is not a standard session we document anywhere. While we do allow it to be changed itks a bad practice to set it to “never” in production too. Despite that, a smple workaround is to use a high enough...
Fixed in 4.4
Comment 3 Jaroslav Spanko 2019-10-02 08:34:35 UTC 
It was documented in 4.1 Admin Guide so customers will bring it with upgrade ... it remains only in engine-config 
UserSessionTimeOutInterval: Timeout interval in minutes, after which inactive user sessions expire. A negative value indicates that sessions never expire. (Value Type: Integer)

But as we have KCS i am ok with that, thanks
Comment 6 Ivana Saranova 2019-12-20 15:58:55 UTC 
Steps:
1) Change UserSessionTimeOutInterval variable in engine-config to -1
2) Log in to VM portal to see if logged off immediately

Result:
User is not logged off the VM portal.

Verified in:
ovirt-engine-4.3.8.1-0.1.master.el7.noarch
ovirt-web-ui-1.6.0-2.el7ev.noarch
Comment 9 errata-xmlrpc 2020-02-13 15:24:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:0498