Bug 794536

Summary: conductor should have an inactivity timeout
Product: [Retired] CloudForms Cloud Engine Reporter: wes hayutin <whayutin>
Component: aeolus-conductorAssignee: Imre Farkas <ifarkas>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: akarol, athomas, cpelland, dajohnso, deltacloud-maint, hbrock, matt.wagner, morazi, slinaber, ssachdev
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: v0.8.0-38 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-13 19:49:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description wes hayutin 2012-02-17 03:27:53 UTC
Description of problem:

conductor should have an inactivity timeout and log a user out after $x time

Comment 1 Hugh Brock 2012-02-27 15:58:31 UTC
Yes. Let's have sessions time out after 15 minutes of inactivity, by default.

Comment 3 Jiri Tomasek 2012-02-28 15:02:49 UTC
fixed in commit 00d33c5b787975e7e2e90bf4f681971d2e530454

Comment 4 Steve Linabery 2012-02-28 17:13:15 UTC
a38a265

Comment 5 Shveta 2012-02-29 05:46:29 UTC
Got logged out after 15 minutes of inactivity.


Verified in 
rpm -qa|grep aeolus
aeolus-conductor-0.8.0-38.el6.noarch
aeolus-all-0.8.0-38.el6.noarch
aeolus-conductor-daemons-0.8.0-38.el6.noarch
aeolus-configure-2.5.0-15.el6.noarch
rubygem-aeolus-image-0.3.0-10.el6.noarch
rubygem-aeolus-cli-0.3.0-11.el6.noarch
aeolus-conductor-doc-0.8.0-38.el6.noarch

Comment 6 Hugh Brock 2012-03-02 20:11:36 UTC
The fix for this bug as it turns out creates way more problems than it solves. We have lots of code that automatically refreshes portions of a page, and lots of long-running operations. It's not reasonable to time the user out in the middle of a build without a warning, but this is exactly what will happen with the current code; the alternative is that automatic refreshes every 30 seconds continually reset the inactivity timer, so the user never actually times out. Fixing these issues and the other host of issues that have come up around it is out of scope for this release.

I'm moving this to the next release. For 1.0, we need to document that users must manually log out of their sessions or they will never expire.

Comment 7 Matt Wagner 2012-03-02 21:58:53 UTC
re: the above comment, I pushed a revert for this, in https://bugzilla.redhat.com/show_bug.cgi?id=799516 (which has been ACKed on this list)

This BZ be reimplemented in an upcoming sprint. The patch itself was perfectly fine, but we need a few additional things -- see #799516 for details.

Comment 8 Matt Wagner 2012-03-06 14:55:07 UTC
For the record, the commit is:

commit e519fe57a7153abe054983e139cc57cd289194b5
Author: Matt Wagner <matt.wagner>
Date:   Fri Mar 2 16:01:15 2012 -0500

    Revert "BZ794536 Timeout session after 15 minutes of inactivity"
    
    This reverts commit 00d33c5b787975e7e2e90bf4f681971d2e530454.
    
    See https://bugzilla.redhat.com/show_bug.cgi?id=799516



Setting this back to NEW for now.

Comment 12 Matt Wagner 2012-08-30 21:15:10 UTC
This has been on master and in 1.1 for a while now:

commit 7d1897cebea3719ae9e4b2804aaff372b24d4437
Author: Tomáš Hrčka <thrcka>
Date:   Fri Aug 3 11:58:02 2012 +0200

    RM#3508 - Ensure that all sessions expire


and


commit 3f9d20f28db1326ca459c5680baf0ff11a74cc82
Author: Tomáš Hrčka <thrcka>
Date:   Fri Aug 3 11:58:02 2012 +0200

    RM#3508 - Ensure that all sessions expire
    (cherry picked from commit 7d1897cebea3719ae9e4b2804aaff372b24d4437)

Comment 13 Dave Johnson 2012-09-17 21:29:09 UTC
good 2 go in v1.1 CFCE 2012-09-14.5 puddle