Bug 799421 - Backbone.js auto-refresh defeats session timeout
Backbone.js auto-refresh defeats session timeout
Status: CLOSED CURRENTRELEASE
Product: CloudForms Cloud Engine
Classification: Red Hat
Component: aeolus-conductor (Show other bugs)
1.0.0
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Angus Thomas
Rehana
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-02 11:57 EST by Matt Wagner
Modified: 2014-08-17 18:27 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-30 13:15:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matt Wagner 2012-03-02 11:57:56 EST
Description of problem:
On pages that use Backbone.js, they will re-query every 30 seconds (or whatever), keeping the sessions alive indefinitely. This renders the 15-minute inactivity timeout ineffective if you happen to leave a tab with auto-refreshes open.


Steps to Reproduce:
1. Log in, navigate to a page with Backbone (like the default pool list page)
2. Leave the page unattended for >15 minutes
3. Click some link


Actual results:
Page loads because your session times out.


Expected results:
Page redirects you to login page because your session has timed out.
Comment 1 Matt Wagner 2012-03-02 15:14:17 EST
This is caused by https://bugzilla.redhat.com/show_bug.cgi?id=794536 -- which seems to be gaining support for being reverted. I suggest holding off on addressing this bug until the outcome of that one is clear.
Comment 2 Hugh Brock 2012-03-06 09:50:40 EST
This is fixed by reverting the patch for 794536, as above.
Comment 3 wes hayutin 2012-03-30 14:57:56 EDT
assigning to rehana
Comment 4 Rehana 2012-04-03 08:26:57 EDT
Observed that the browser session didn't get timed out after 15min.

hence moving the status to verified;

verified on ;

rpm -qa | grep aeolus
rubygem-aeolus-image-0.3.0-12.el6.noarch
aeolus-conductor-0.8.7-1.el6.noarch
aeolus-conductor-doc-0.8.7-1.el6.noarch
aeolus-conductor-daemons-0.8.7-1.el6.noarch
aeolus-configure-2.5.2-1.el6.noarch
aeolus-all-0.8.7-1.el6.noarch
rubygem-aeolus-cli-0.3.1-1.el6.noarch

Note You need to log in before you can comment on or make changes to this bug.