Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1115918

Summary: GUI Reconnection after disconnection returns Error 500
Product: [Retired] oVirt Reporter: Kevin Alon Goldblatt <kgoldbla>
Component: ovirt-engine-coreAssignee: Alexander Wels <awels>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.5CC: awels, bugs, ecohen, gklein, iheim, rbalakri, yeylon
Target Milestone: ---   
Target Release: 3.5.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: ux
Fixed In Version: ovirt-3.5.0_rc1.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-17 12:36:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: UX RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kevin Alon Goldblatt 2014-07-03 10:39:05 UTC 
Description of problem: Connected to Engine via the Admin Portal. Suspend my laptop. When restarting a new session on the laptop the Admin Portal which was left open tries to reconnect and reports Error 500. N.B. This did NOT happen with 3.4


Version-Release number of selected component (if applicable):
ovirt-engine-3.5.0-0.0.master.20140629172257.git0b16ed7.el6.noarch
vdsm-4.16.0-3.git601f786.el6.x86_64

How reproducible: Very often


Steps to Reproduce:
1. Connect to Engine via GUI 
2. Work for a while
3. Leave GUI open and Suspend my laptop
4. Reconnect after an hour by opening my laptop - The Admin tries to reconnect to the engine automatically and reports Error 500. Only closing the tab and re-entering the engine IP again allows reconnection

Actual results:
Error 500 is reported when automatically reconnecting the GUI

Expected results:
Automatically reconnecting the GUI should be successfull after disconnection.



Additional info: From server.log:


2014-07-03 09:53:43,500 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/ovirt-engine/webadmin]] (ajp--127.0.0.1-8702-3) Exception while dispatching incoming RPC call: com.google.gwt.user.client.rpc.RpcTo
kenException: Invalid RPC token (Invalid XSRF token)
        at org.ovirt.engine.ui.frontend.server.gwt.XsrfProtectedRpcServlet.validateXsrfToken(XsrfProtectedRpcServlet.java:95) [frontend.jar:]
        at org.ovirt.engine.ui.frontend.server.gwt.AbstractXsrfProtectedRpcServlet.onAfterRequestDeserialized(AbstractXsrfProtectedRpcServlet.java:57) [frontend.jar:]
        at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:171) [gwt-servlet.jar:]
        at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) [gwt-servlet.jar:]
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) [frontend.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) [branding.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:104) [aaa.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:]
Comment 1 Einav Cohen 2014-07-22 17:54:24 UTC 
Alexander: related / duplicate of bug 1110786?
Comment 2 Alexander Wels 2014-07-23 15:04:50 UTC 
Yes this is definitely related to 1110786. What is basically happening is the following sequence:

1. The user logs in and acquires an XSRF token (based on session).
2. The user does his thing and suspends his laptop for an hour. During this time the session times out and the user is logged out.
3. The laptop comes back at this point the laptop still has the old XSRF token as well as the old session.
4. The user attempts to acquire a new XSRF token using the old session cookie, this generates the wrong token and you get a token mismatch and thus the 500 error.

One of the things I am going to be doing to fix 1110786 is fix how the token is generates when the browser presents an old session, so that should solve this particular issue.
Comment 3 Sandro Bonazzola 2014-10-17 12:36:57 UTC 
oVirt 3.5 has been released and should include the fix for this issue.