Bug #12581
closed
Remove max concurrent session limit to avoid denial of services
Description
In #12481 we corrected a bug that was not correctly couting session created in Jetty by Rudder. That correction implies that now, the number of concurrent sessions is limited to 2.
This number is ok when people use different user, but in a company where everybody use "admin", it will quickly become a limiting factor.
So we need to make that parameter configurable, and also make the auto-logout configurable.
=> by default, we will use 2 concurrent session with 1h auto-logout.
Updated by François ARMAND almost 6 years ago
- Related to Bug #12481: When logged > 3 times, oldest session is logged out but not immediately added
Updated by François ARMAND almost 6 years ago
- Status changed from New to In progress
Updated by François ARMAND almost 6 years ago
- Target version changed from 4.1.12 to 4.3.2
It need to only be done in 4.3 (before it was not limited).
Updated by François ARMAND almost 6 years ago
In fact, Spring being what it is, it is unbelievabelly hard to configured it (given our version etc).
So I propose to just come back to previous behavior and disable it.
Updated by François ARMAND almost 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder/pull/1928
Updated by François ARMAND almost 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|a2d9c4c334e337a261f2f7f16cedb87200c528fd.
Updated by François ARMAND almost 6 years ago
- Subject changed from Allow to configure max concurrent session and session timeout to Remove max concurrent session limit to avoid denial of services
Updated by Vincent MEMBRÉ almost 6 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.2 which was released today.
- 4.3.2: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/