| Summary: | conductor should have an inactivity timeout | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | wes hayutin <whayutin> |
| Component: | aeolus-conductor | Assignee: | Imre Farkas <ifarkas> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.0.0 | CC: | akarol, athomas, cpelland, dajohnso, deltacloud-maint, hbrock, matt.wagner, morazi, slinaber, ssachdev |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | v0.8.0-38 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-12-13 19:49:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
wes hayutin
2012-02-17 03:27:53 UTC
Yes. Let's have sessions time out after 15 minutes of inactivity, by default. fixed in commit 00d33c5b787975e7e2e90bf4f681971d2e530454 a38a265 Got logged out after 15 minutes of inactivity. Verified in rpm -qa|grep aeolus aeolus-conductor-0.8.0-38.el6.noarch aeolus-all-0.8.0-38.el6.noarch aeolus-conductor-daemons-0.8.0-38.el6.noarch aeolus-configure-2.5.0-15.el6.noarch rubygem-aeolus-image-0.3.0-10.el6.noarch rubygem-aeolus-cli-0.3.0-11.el6.noarch aeolus-conductor-doc-0.8.0-38.el6.noarch The fix for this bug as it turns out creates way more problems than it solves. We have lots of code that automatically refreshes portions of a page, and lots of long-running operations. It's not reasonable to time the user out in the middle of a build without a warning, but this is exactly what will happen with the current code; the alternative is that automatic refreshes every 30 seconds continually reset the inactivity timer, so the user never actually times out. Fixing these issues and the other host of issues that have come up around it is out of scope for this release. I'm moving this to the next release. For 1.0, we need to document that users must manually log out of their sessions or they will never expire. re: the above comment, I pushed a revert for this, in https://bugzilla.redhat.com/show_bug.cgi?id=799516 (which has been ACKed on this list) This BZ be reimplemented in an upcoming sprint. The patch itself was perfectly fine, but we need a few additional things -- see #799516 for details. For the record, the commit is:
commit e519fe57a7153abe054983e139cc57cd289194b5
Author: Matt Wagner <matt.wagner>
Date: Fri Mar 2 16:01:15 2012 -0500
Revert "BZ794536 Timeout session after 15 minutes of inactivity"
This reverts commit 00d33c5b787975e7e2e90bf4f681971d2e530454.
See https://bugzilla.redhat.com/show_bug.cgi?id=799516
Setting this back to NEW for now.
This has been on master and in 1.1 for a while now:
commit 7d1897cebea3719ae9e4b2804aaff372b24d4437
Author: Tomáš Hrčka <thrcka>
Date: Fri Aug 3 11:58:02 2012 +0200
RM#3508 - Ensure that all sessions expire
and
commit 3f9d20f28db1326ca459c5680baf0ff11a74cc82
Author: Tomáš Hrčka <thrcka>
Date: Fri Aug 3 11:58:02 2012 +0200
RM#3508 - Ensure that all sessions expire
(cherry picked from commit 7d1897cebea3719ae9e4b2804aaff372b24d4437)
good 2 go in v1.1 CFCE 2012-09-14.5 puddle |