Bug 794536 - conductor should have an inactivity timeout
Summary: conductor should have an inactivity timeout
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-conductor
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
Assignee: Imre Farkas
QA Contact: wes hayutin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-17 03:27 UTC by wes hayutin
Modified: 2012-12-13 19:49 UTC (History)
10 users (show)

Fixed In Version: v0.8.0-38
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-13 19:49:29 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description wes hayutin 2012-02-17 03:27:53 UTC 
Description of problem:

conductor should have an inactivity timeout and log a user out after $x time
Comment 1 Hugh Brock 2012-02-27 15:58:31 UTC 
Yes. Let's have sessions time out after 15 minutes of inactivity, by default.
Comment 2 Jiri Tomasek 2012-02-28 13:25:54 UTC 
fix posted in https://fedorahosted.org/pipermail/aeolus-devel/2012-February/009200.html
Comment 3 Jiri Tomasek 2012-02-28 15:02:49 UTC 
fixed in commit 00d33c5b787975e7e2e90bf4f681971d2e530454
Comment 4 Steve Linabery 2012-02-28 17:13:15 UTC 
a38a265
Comment 5 Shveta 2012-02-29 05:46:29 UTC 
Got logged out after 15 minutes of inactivity.


Verified in 
rpm -qa|grep aeolus
aeolus-conductor-0.8.0-38.el6.noarch
aeolus-all-0.8.0-38.el6.noarch
aeolus-conductor-daemons-0.8.0-38.el6.noarch
aeolus-configure-2.5.0-15.el6.noarch
rubygem-aeolus-image-0.3.0-10.el6.noarch
rubygem-aeolus-cli-0.3.0-11.el6.noarch
aeolus-conductor-doc-0.8.0-38.el6.noarch
Comment 6 Hugh Brock 2012-03-02 20:11:36 UTC 
The fix for this bug as it turns out creates way more problems than it solves. We have lots of code that automatically refreshes portions of a page, and lots of long-running operations. It's not reasonable to time the user out in the middle of a build without a warning, but this is exactly what will happen with the current code; the alternative is that automatic refreshes every 30 seconds continually reset the inactivity timer, so the user never actually times out. Fixing these issues and the other host of issues that have come up around it is out of scope for this release.

I'm moving this to the next release. For 1.0, we need to document that users must manually log out of their sessions or they will never expire.
Comment 7 Matt Wagner 2012-03-02 21:58:53 UTC 
re: the above comment, I pushed a revert for this, in https://bugzilla.redhat.com/show_bug.cgi?id=799516 (which has been ACKed on this list)

This BZ be reimplemented in an upcoming sprint. The patch itself was perfectly fine, but we need a few additional things -- see #799516 for details.
Comment 8 Matt Wagner 2012-03-06 14:55:07 UTC 
For the record, the commit is:

commit e519fe57a7153abe054983e139cc57cd289194b5
Author: Matt Wagner <matt.wagner>
Date:   Fri Mar 2 16:01:15 2012 -0500

    Revert "BZ794536 Timeout session after 15 minutes of inactivity"
    
    This reverts commit 00d33c5b787975e7e2e90bf4f681971d2e530454.
    
    See https://bugzilla.redhat.com/show_bug.cgi?id=799516



Setting this back to NEW for now.
Comment 12 Matt Wagner 2012-08-30 21:15:10 UTC 
This has been on master and in 1.1 for a while now:

commit 7d1897cebea3719ae9e4b2804aaff372b24d4437
Author: Tomáš Hrčka <thrcka>
Date:   Fri Aug 3 11:58:02 2012 +0200

    RM#3508 - Ensure that all sessions expire


and


commit 3f9d20f28db1326ca459c5680baf0ff11a74cc82
Author: Tomáš Hrčka <thrcka>
Date:   Fri Aug 3 11:58:02 2012 +0200

    RM#3508 - Ensure that all sessions expire
    (cherry picked from commit 7d1897cebea3719ae9e4b2804aaff372b24d4437)
Comment 13 Dave Johnson 2012-09-17 21:29:09 UTC 
good 2 go in v1.1 CFCE 2012-09-14.5 puddle
Note You need to log in before you can comment on or make changes to this bug.