| Summary: | Able to perform url navigation after logout | ||
|---|---|---|---|
| Product: | [Other] RHQ Project | Reporter: | Jay Shaughnessy <jshaughn> |
| Component: | Core UI | Assignee: | Jay Shaughnessy <jshaughn> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Welton <cwelton> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.0.0.Beta2 | CC: | hrupp, skondkar |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-05-24 01:07:53 UTC | Type: | --- |
Description
Jay Shaughnessy
2011-04-07 20:18:14 UTC
Actually, I think the session is dying as anticipated. That is good. The behavior is still bad, though.

Fix commit 9a590b9d71a34f884c9843880278762277028eac
Author: Jay Shaughnessy <jshaughn>
Date: Fri Apr 8 15:19:01 2011 -0400

A user-initiated logout had various issues:
- the logged out user's last view remained on screen (potential security issue)
- the back button could be utilized to navigate to the user's past pages (potential security issue)
- subsequent login could navigate to the wrong view
- in certain situations the previous session could be refreshed (just plain bad)

Now on a user-initiated logout the entire background is greyed out to hide
previous state. The back button will maintain the LogOut view. Subsequent
logins will start at the default view.

Note that session-expirations also pop up the login box but do still
show the background view, on the assumption that the user may want to
log in again and pick up where he left off.

Verified on build#1175 (Version: 4.0.0-SNAPSHOT Build Number: a90faf9)

Logged in and navigated to a resource. After logout, the background is greyed out and it does not display the resource details screen, it shows only the login box. Tried hitting browser back button which maintains the view displaying only the login box. Subsequent logins display the Dashboard screen.

Also waited till the session expires. The login box is shown with the background view and after login, it displays the screen where the user left off.

Marking as verified.

Bookkeeping - closing bug - fixed in recent release.
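
The logout and session-expiration rules from the commit message above, modelled as a small state machine. This is an added example, not code from the RHQ commit; the class, constants and view names are hypothetical.

```javascript
// Added illustration, not RHQ code. All names here are hypothetical.
const DEFAULT_VIEW = "Dashboard";
const LOGOUT_VIEW = "LogOut";

class ViewState {
  constructor() {
    this.history = [DEFAULT_VIEW]; // visited views, newest last
    this.authenticated = true;
    this.backgroundMasked = false; // true = previous state is hidden
    this.loginBoxShown = false;
  }
  get current() { return this.history[this.history.length - 1]; }

  navigate(view) {
    // Without a live session no view change happens; the login box stays up.
    if (!this.authenticated) return this.current;
    this.history.push(view);
    return view;
  }
  back() {
    // Back must not reveal earlier pages while nobody is logged in.
    if (!this.authenticated) return this.current;
    if (this.history.length > 1) this.history.pop();
    return this.current;
  }
  logout() {
    // User-initiated: discard prior views and grey out the background.
    this.authenticated = false;
    this.history = [LOGOUT_VIEW];
    this.backgroundMasked = true;
    this.loginBoxShown = true;
  }
  sessionExpired() {
    // Expiration: show the login box but keep the background view.
    this.authenticated = false;
    this.loginBoxShown = true;
  }
  login() {
    // After a logout start at the default view; after expiry resume in place.
    if (this.current === LOGOUT_VIEW) this.history = [DEFAULT_VIEW];
    this.authenticated = true;
    this.backgroundMasked = false;
    this.loginBoxShown = false;
    return this.current;
  }
}
```

The model covers presentation state only; whether the server-side session has ended is a separate check, which the first comment reports as already behaving as anticipated.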