Description of problem: Connected to Engine via the Admin Portal. Suspend my laptop. When restarting a new session on the laptop the Admin Portal which was left open tries to reconnect and reports Error 500. N.B. This did NOT happen with 3.4 Version-Release number of selected component (if applicable): ovirt-engine-3.5.0-0.0.master.20140629172257.git0b16ed7.el6.noarch vdsm-4.16.0-3.git601f786.el6.x86_64 How reproducible: Very often Steps to Reproduce: 1. Connect to Engine via GUI 2. Work for a while 3. Leave GUI open and Suspend my laptop 4. Reconnect after an hour by opening my laptop - The Admin tries to reconnect to the engine automatically and reports Error 500. Only closing the tab and re-entering the engine IP again allows reconnection Actual results: Error 500 is reported when automatically reconnecting the GUI Expected results: Automatically reconnecting the GUI should be successfull after disconnection. Additional info: From server.log: 2014-07-03 09:53:43,500 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/ovirt-engine/webadmin]] (ajp--127.0.0.1-8702-3) Exception while dispatching incoming RPC call: com.google.gwt.user.client.rpc.RpcTo kenException: Invalid RPC token (Invalid XSRF token) at org.ovirt.engine.ui.frontend.server.gwt.XsrfProtectedRpcServlet.validateXsrfToken(XsrfProtectedRpcServlet.java:95) [frontend.jar:] at org.ovirt.engine.ui.frontend.server.gwt.AbstractXsrfProtectedRpcServlet.onAfterRequestDeserialized(AbstractXsrfProtectedRpcServlet.java:57) [frontend.jar:] at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:171) [gwt-servlet.jar:] at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) [gwt-servlet.jar:] at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet.jar:] at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) [frontend.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) [branding.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:104) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:]
Alexander: related / duplicate of bug 1110786?
Yes this is definitely related to 1110786. What is basically happening is the following sequence: 1. The user logs in and acquires an XSRF token (based on session). 2. The user does his thing and suspends his laptop for an hour. During this time the session times out and the user is logged out. 3. The laptop comes back at this point the laptop still has the old XSRF token as well as the old session. 4. The user attempts to acquire a new XSRF token using the old session cookie, this generates the wrong token and you get a token mismatch and thus the 500 error. One of the things I am going to be doing to fix 1110786 is fix how the token is generates when the browser presents an old session, so that should solve this particular issue.
oVirt 3.5 has been released and should include the fix for this issue.