Bug 1338013 - User session is not isolated when simultaneous logins with same credentials
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Ivan Necas
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-05-20 17:22 UTC by Bruno Rocha
Modified: 2019-09-26 14:00 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-14 17:23:40 UTC
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 15150 0 None None None 2016-05-23 19:36:48 UTC

Description Bruno Rocha 2016-05-20 17:22:14 UTC
Created attachment 1160019
Screen Recording showing the session sharing for simultaneous users

Description of problem:

Many companies keep the bad practice of sharing the same admin user and password across all the associates.

In Satellite, if simultaneous users log in using the same credentials, the session context is not isolated.

So changes of organization context in one will reflect in all the other sessions. 


Version-Release number of selected component (if applicable):

Sat 6.2 - RHEL7 

How reproducible:

Always (when two or more users log in using the same credentials)

Steps to Reproduce:
Take a look at the attached screen record.

Actual results:

Organization changes in one session reflect in all the others


Expected results:

Session context isolation
or
Preventing users from logging in if there is an active session


Additional info:
attached video

Comment 3 Ivan Necas 2016-05-23 19:36:46 UTC
Created redmine issue http://projects.theforeman.org/issues/15150 from this bug

Comment 4 Ivan Necas 2016-05-23 19:40:45 UTC
Proposed fix at https://github.com/theforeman/foreman/pull/3544

Comment 6 sthirugn@redhat.com 2016-06-03 18:30:20 UTC
It looks like the fix is already in upstream. Can we get this in for GA? We are doing a time-consuming workaround (create/delete new user for each test) in automation because of this issue.

Comment 9 Bryan Kearney 2017-03-14 17:23:40 UTC
An upstream issue has been opened for this. When this is fixed, the next version of Satellite will contain the fix. We will no longer be tracking this downstream. If you feel this was closed in error, please feel free to re-open with additional information.
