Bug 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
Summary: ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.8.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: 6.8.0
Assignee: Tomer Brisker
QA Contact: Devendra Singh
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-05-26 13:52 UTC by Devendra Singh
Modified: 2020-10-27 13:03 UTC (History)
5 users (show)

Fixed In Version: foreman-2.1.2.3-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 13:02:44 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 10577 Normal Closed ERF42-4995 - Invalid authenticity token (Session timed out at login screen) 2020-10-28 17:41:31 UTC
Red Hat Product Errata RHSA-2020:4366 None None None 2020-10-27 13:03:08 UTC

Description Devendra Singh 2020-05-26 13:52:11 UTC 
Description of problem:

ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If I re-login the machine after the session out.

Version-Release number of selected component (if applicable):
6.8 Snap1

How reproducible:
always

Steps to Reproduce:
1. Install the satellite with 6.8 
2. wait for session timed out.
3. After session timed out, re-login the machine again, then we get ERF42-4995 [Foreman::Exception]:.

Actual results:
Some exceptions observed, If we re-login the machine after the session out.

Expected results:
No exception should come if we re-login the machine after the session timed out.

Additional info:
Comment 9 Tomer Brisker 2020-07-08 15:13:44 UTC 
What authentication source is the user which is timing out using? Is any external authentication enabled?
Does this occur for all users or only a specific one? 
How long passed between the timeout and the re-login attempt?
Comment 10 Tomer Brisker 2020-07-08 15:15:45 UTC 
Additionally, are you certain this isn't also the case in 6.7 and older? https://projects.theforeman.org/issues/10577 seems like a similar issue and is 5 years old.
Comment 11 Devendra Singh 2020-07-10 16:53:23 UTC 
(In reply to Tomer Brisker from comment #10)
> Additionally, are you certain this isn't also the case in 6.7 and older?
> https://projects.theforeman.org/issues/10577 seems like a similar issue and
> is 5 years old.

I am not sure about other versions but I didn't face this issue on 6.7.
Comment 12 Tomer Brisker 2020-07-12 06:49:26 UTC 
Please reply to the questions in comment #9 as well. Also, did you have multiple tabs open by any chance when the session timed out?
Comment 16 Tomer Brisker 2020-07-20 07:20:44 UTC 
Connecting redmine issue https://projects.theforeman.org/issues/10577 from this bug
Comment 19 Bryan Kearney 2020-07-20 12:04:07 UTC 
Upstream bug assigned to tbrisker@redhat.com
Comment 20 Bryan Kearney 2020-07-20 12:04:09 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/10577 has been resolved.
Comment 28 Devendra Singh 2020-09-08 14:40:32 UTC 
Verified on 6.8 Snap14.

Verification points:

1: Didn't see the foreman-exception after re-login the ipv6 machine after autologous.
2: # rpm -qa|grep foreman-2.1.2.
foreman-2.1.2.7-1.el7sat.noarch
Comment 31 errata-xmlrpc 2020-10-27 13:02:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366
Note You need to log in before you can comment on or make changes to this bug.