Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1667489

Summary:	UserSessionTimeOutInterval key doesn't take effect on VM Portal
Product:	Red Hat Enterprise Virtualization Manager	Reporter:	Olimp Bockowski <obockows>
Component:	ovirt-web-ui	Assignee:	biakymet
Status:	CLOSED ERRATA	QA Contact:	samuel macko <smacko>
Severity:	high	Docs Contact:
Priority:	high
Version:	4.2.8	CC:	biakymet, gshereme, michal.skrivanek, sdickers, sgoodman, sgratch
Target Milestone:	ovirt-4.3.5	Keywords:	ZStream
Target Release:	---	Flags:	lsvaty: testing_plan_complete-
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:	Previously, although SSO tokens are supposed to expire after a period of user inactivity that is defined in engine-config, the VM portal sent a request every minute. Consequently, the SSO token never expired on the VM portal, and the VM portal continued running even when was unused in the background. This bug is now fixed. When the user does not actively use the VM portal for a period of time defined in engine-config, the VM portal presents a prompt. The user is automatically logged out after 30 seconds unless choosing to stay logged in.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-08-12 11:55:44 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	UX	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Olimp Bockowski 2019-01-18 15:47:34 UTC

Description of problem:
The key UserSessionTimeOutInterval for engine-config is used to set timeout interval in minutes, after which inactive user sessions expire.
It doesn't take effect for VM Portal, but works perfectly for Administrator Portal.

Version-Release number of selected component (if applicable):
4.2.7

How reproducible:
always

Steps to Reproduce:
1. engine-config --set UserSessionTimeOutInterval=1
2. systemctl restart ovirt-engine
3. in 2 annonymous windows log into VM portal and Administrator Portal
4. Wait more than 1 minute and see that the user is logged out from Admin but not VM Portal

Actual results:
User in VM Portal is never logged out

Expected results:
the parameter takes effect for both Portals

Additional info:
Most likely the difference is due to the fact that in ovirt-web-ui we have JS frontend and there are perdiocal REST API requests, while in Admin Portal it is handled in a different way? Maybe we should resolve it providing some counter/observer in ovirt-web-ui?

Justification from a customer why it is a bug:

"From the perspective of the user and the administrator:
- one product feature has been lost
- the behavior is no longer consistent to the documentation
- there is a big security risk because the VM_Portal remains logged in.

Since the VM portal is hidden when the console is opened, the user does not log off the portal while working with his VM.
As a result, hundreds of VM portals remain active throughout the day and noticeably burden the RHV management server.
This is what I can notice during my work on Management-Portal. "

Comment 3 Michal Skrivanek 2019-03-18 09:01:37 UTC

https://github.com/oVirt/ovirt-web-ui/pull/968

Comment 4 Scott Dickerson 2019-05-23 18:14:46 UTC

(In reply to Michal Skrivanek from comment #3)
> https://github.com/oVirt/ovirt-web-ui/pull/968

Merged 16-Apr: https://github.com/oVirt/ovirt-web-ui/pull/968#event-2279267505

smacko tested and approved 16-Apr: https://github.com/oVirt/ovirt-web-ui/pull/968#issuecomment-483598228

Comment 5 Scott Dickerson 2019-05-30 17:04:45 UTC

Note: Logout components were refactored [1] and touched the SessionActivityTracker in PR 868.  This caused regression [2].  Regression is fixed in [3].

[1] https://github.com/oVirt/ovirt-web-ui/pull/1014
[2] https://github.com/oVirt/ovirt-web-ui/issues/1024
[3] https://github.com/oVirt/ovirt-web-ui/pull/1025

Comment 9 samuel macko 2019-07-10 11:08:17 UTC

Verified on ovirt-engine 4.3.5.3-0.1.el7.
Verified by following the reproducer.

Comment 11 errata-xmlrpc 2019-08-12 11:55:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2449

Comment 12 Daniel Gur 2019-08-28 13:14:17 UTC

sync2jira

Comment 13 Daniel Gur 2019-08-28 13:19:19 UTC

sync2jira