Bug 1757423 - Users immediately logged out from User portal due to negative UserSessionTimeOutInterval
Summary: Users immediately logged out from User portal due to negative UserSessionTime...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-web-ui
Version: 4.3.5
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ovirt-4.3.8
: ---
Assignee: Sharon Gratch
QA Contact: Ivana Saranova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-01 13:35 UTC by Jaroslav Spanko
Modified: 2022-07-09 15:22 UTC (History)
6 users (show)

Fixed In Version: ovirt-web-ui-1.6.0-2
Doc Type: Bug Fix
Doc Text:
Normally, when the "UserSessionTimeOutInterval" is set to a negative value such as "-1", the user remains logged into the VM Portal indefinitely. However, in RHV version 4.5.3.6, a negative value automatically logged the user out immediately. The current release fixes this issue, such that, with the value set to -1, the user is never automatically logged out, as expected per the config value definition in ovirt-engine engine-config.properties: "A negative value indicates that sessions never expire.": https://github.com/oVirt/ovirt-engine/blob/e0940bd9b768cb52c78f9e0d0c97afd6de7ac8a5/packaging/etc/engine-config/engine-config.properties#L218-L220
Clone Of:
Environment:
Last Closed: 2020-02-13 15:24:47 UTC
oVirt Team: UX
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github oVirt ovirt-web-ui pull 1087 0 'None' closed UserSessionTimeOut automatic logout fixed 2020-04-08 16:58:44 UTC
Red Hat Issue Tracker RHV-47495 0 None None None 2022-07-09 15:22:08 UTC
Red Hat Knowledge Base (Solution) 4456891 0 None None None 2019-10-01 13:37:28 UTC
Red Hat Product Errata RHSA-2020:0498 0 None None None 2020-02-13 15:25:11 UTC

Description Jaroslav Spanko 2019-10-01 13:35:32 UTC 
Description of problem:
After upgrade to 4.3.5.6 users are immediately logged out from User portal after login due to negative UserSessionTimeOutInterval: -1

Version-Release number of selected component (if applicable):
4.3.5.6

How reproducible:
100%

Steps to Reproduce:
1. upgrade to 4.3.5.6 
2. set UserSessionTimeOutInterval=-1
3. try login to User portal

Actual results:
Immediately logged out  

Expected results:
If the user decides that his UserSessionTimeOut = -1, he wouldn't logout.

Additional info:
https://github.com/oVirt/ovirt-web-ui/pull/1087
Comment 1 Michal Skrivanek 2019-10-02 04:49:01 UTC 
This is not a standard session we document anywhere. While we do allow it to be changed itks a bad practice to set it to “never” in production too. Despite that, a smple workaround is to use a high enough...
Fixed in 4.4
Comment 3 Jaroslav Spanko 2019-10-02 08:34:35 UTC 
It was documented in 4.1 Admin Guide so customers will bring it with upgrade ... it remains only in engine-config 
UserSessionTimeOutInterval: Timeout interval in minutes, after which inactive user sessions expire. A negative value indicates that sessions never expire. (Value Type: Integer)

But as we have KCS i am ok with that, thanks
Comment 6 Ivana Saranova 2019-12-20 15:58:55 UTC 
Steps:
1) Change UserSessionTimeOutInterval variable in engine-config to -1
2) Log in to VM portal to see if logged off immediately

Result:
User is not logged off the VM portal.

Verified in:
ovirt-engine-4.3.8.1-0.1.master.el7.noarch
ovirt-web-ui-1.6.0-2.el7ev.noarch
Comment 9 errata-xmlrpc 2020-02-13 15:24:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:0498
Note You need to log in before you can comment on or make changes to this bug.