Bug 215547 - Bugzilla frequently logs out behind a firewall
Bugzilla frequently logs out behind a firewall
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
All Linux
medium Severity high (vote)
: ---
: ---
Assigned To: Bernd Groh
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2006-11-14 11:45 EST by Amit Bhutani
Modified: 2014-06-18 04:21 EDT (History)
5 users (show)

See Also:
Fixed In Version: 2.18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-15 16:53:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Amit Bhutani 2006-11-14 11:45:46 EST
Description of problem:
While using RH Bugzilla from behind the Dell corporate firewall (proxy),
Bugzilla logs you out every 30 secs or less of inactivity. This makes using RH
Bugzilla completely *unusable*. Works great from home when directly connecting
to the Internet.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Login to RH Bugzilla from behind a firewall such as foo.bar.com with your
@dell.com account
2. Stay inactive for ~ 30 secs
3. Try to access some (non-public) bug that requires you to remain logged in

Actual results:
Bugzilla takes you to the login page and makes you login again

Expected results:
Should stay logged in and Bugzilla should take you the issue

Additional info
This is a more recent observation (past 3 mos. perhaps) and didn't use to happen
before that. This only happens with RH's version of Bugzilla. Other public
Bugzillas (Xorg, Kernel, SuSE etc.) work fine from behind the firewall and keep
you logged in.
Comment 1 Matt Domsch 2006-11-14 13:02:25 EST
It's worth noting that Dell's proxy servers are actually a farm, with round 
robin DNS set to 30 seconds.  So every 30 seconds the clients will be using a 
different proxy.  So client IP-based cookies for authentication won't work 
well, and is most likely the cause.
Comment 2 David Lawrence 2006-11-14 15:30:39 EST
Well that would be the problem in this case. Is this something that has changed
recently since (as far as I know) dell.com accounts have been working up until
recently? Nothing has changed on the Bugzilla code side for quite a while now.
Comment 3 Matt Domsch 2006-11-14 15:35:48 EST
no change here, it's been broken for a long time. Amit's just feeling the most 
pain right now.
Comment 4 Kevin Baker 2006-11-14 16:46:45 EST
Ok, I changed the configuration so that it will accept an IP that remains within
a /24. But perhaps I should have asked Matt how big is the round robin pool first?
Comment 5 Matt Domsch 2006-11-14 17:01:36 EST
How about a /16 :-)

Seriously.  The Dell Austin pool looks like it bounces between 143.166.99.x 
and 143.166.217.x.
Comment 6 Kevin Baker 2006-11-14 18:28:03 EST
ok, done. 
Comment 7 Amit Bhutani 2006-11-15 09:07:20 EST
Still working from home. Will provide feedback once I'm behind the firewall
(later today).
Comment 8 Larry Troan 2006-11-15 09:14:06 EST
Amit, putting this in NEEDINFO pending your response to "Does this change
resolve the problem?"

Also, I'm curious why Dell has problems with Red Hat's Bugzilla but not the
Novelll/SuSE or kernel.org versions? Is Red Hat "avant garde" or in the "Dark
Ages" regarding our Bugzilla version compared to the other two examples?
Comment 9 Kevin Baker 2006-11-15 09:52:46 EST
It is a configuration option in all bugzillas. Ours was configured to be more
strict than others.

AIUI this is the first complaint we have had about it. 
Comment 10 David Lawrence 2006-11-15 10:13:00 EST
Those may be using a newer version of Bugzilla which allows user to disable the
IP address tracking feature of Bugzilla as a preference. This causes a slight
loss in security as it makes it a little easier for someone to spoof another's
account. We do not allow this to be disabled currently.
Comment 11 Amit Bhutani 2006-11-15 16:44:47 EST
So, as of this morning (brand new), bugzilla login page has an option exposed to
users labeled "Restrict this session to this IP address". This is checked by
default. If you login with this option checked, the behavior is still as before
and frequent (every 30 secs) logins are required. Unchecking the box, makes your
sessions persist and sessions persist like a charm!! 

Thanks for implementing. We can close this request now. Now, if we could only
get some of the same magic from Dave/Kevin in our (other) master bugzilla woes
tracker i.e. bz# 213248, that would be grrrreat!!!!! ;-)

Note You need to log in before you can comment on or make changes to this bug.