Bug 727481

Summary: [webadmin] F5 (refresh) goes back to login screen
Product: [Retired] oVirt Reporter: Einav Cohen <ecohen>
Component: ovirt-engine-webadminAssignee: Asaf Shakarchi <asaf>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: ecohen, iheim, vszocs, ykaul
Target Milestone: m2   
Target Release: 3.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-09 08:02:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Einav Cohen 2011-08-02 09:09:30 UTC 
Description of problem:
F5 (refresh) goes back to login screen. It should remain in the main screen in case the session is still valid, and return to login screen if session has expired.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Vojtech Szocs 2011-08-02 15:18:45 UTC 
Steps to reproduce:
1. access WebAdmin host page, app redirects to #login default place (anonymous user)
2. enter username/password, click Login button, app redirects to #vms default place (logged-in user)
3. press F5 (refresh)

Reloading the page via F5 causes the entire application to reload: WebAdmin host page will be requested, JavaScript code will be executed, etc.

Since the user was previously on #vms place, and this place is protected (only accessible to logged-in users), and the application code got reloaded, application thinks the user is not logged in yet, and redirects the user to #login default place for anonymous users [ApplicationPlaceManager.revealUnauthorizedPlace method]. Note: in general, F5 shouldn't be used for single-page web apps.

Proposed solution (F5 workaround):
- when the browser requests WebAdmin host page, we already know if the user is logged-in or not (a user session exists or not)
- we can embed this information inside WebAdmin host page (host page needs to be rendered dynamically though, can't be plain HTML)
- WebAdmin application code will retrieve this information, and if the user is logged in, will redirect to main (logged-in) section

In order to be able to fully support F5 (reload the app and redirect to the exact same place the user was before), we need to integrate the proposed functionality described above, into LoggedInGatekeeper.
Comment 2 Vojtech Szocs 2011-08-02 15:24:10 UTC 
The idea behind using a dynamic host page to inject authentication information is described in the following article.

Using a Dynamic Host Page for Authentication and Initialization [http://code.google.com/webtoolkit/articles/dynamic_host_page.html]
Comment 3 Itamar Heim 2012-08-09 08:02:01 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/
Comment 4 Itamar Heim 2012-08-09 08:03:26 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/