Bug #21806

closed

Rudder sessions never expire when the browser stays connected

Added by Alexis Mousset about 2 years ago. Updated almost 2 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

The comet ajax request every two minutes prevents session timeout (which is set to 30 minutes by both jetty and lift by default).
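
A minimal model of the behaviour described above, added here as an illustration and not taken from Rudder, Lift or Jetty: it replays one open browser tab against an idle timeout, first counting every request as activity, then counting only user-initiated requests. The class, function and field names and the 10-second expiry check are assumptions; the 30-minute timeout and two-minute poll come from the ticket.

```python
from dataclasses import dataclass

IDLE_TIMEOUT_S = 30 * 60  # 30-minute idle timeout cited in the ticket
POLL_INTERVAL_S = 2 * 60  # background (comet) request every two minutes
REAP_INTERVAL_S = 10      # assumed period of the expiry check


@dataclass
class Session:
    last_access: int = 0       # bumped by every request, polls included
    last_user_access: int = 0  # bumped only by user-initiated requests

    def touch(self, now: int, background: bool) -> None:
        self.last_access = now
        if not background:
            self.last_user_access = now

    def idle_for(self, now: int, ignore_background: bool) -> int:
        ref = self.last_user_access if ignore_background else self.last_access
        return now - ref


def expiry_time(ignore_background, user_clicks=(0,), duration_s=8 * 3600):
    """Replay one open browser tab and return the second at which the
    session is expired, or None if it survives the whole run.
    user_clicks must be multiples of REAP_INTERVAL_S."""
    session = Session()
    clicks = set(user_clicks)
    for now in range(0, duration_s + 1, REAP_INTERVAL_S):
        if now in clicks:
            session.touch(now, background=False)
        elif now % POLL_INTERVAL_S == 0:
            session.touch(now, background=True)
        if session.idle_for(now, ignore_background) >= IDLE_TIMEOUT_S:
            return now
    return None


if __name__ == "__main__":
    # Constructed scenario: the user logs in at t=0 and leaves the tab open.
    print("all requests count as activity:", expiry_time(False))
    print("background polls ignored:      ", expiry_time(True))
```
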


Subtasks 1 (0 open, 1 closed)

Bug #21943: Broken session - lastNonCometAccessedTime has an unexpected value (Released, François ARMAND)

Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #22146: Backport front end security improvements to 7.2 (Released, Vincent MEMBRÉ)
Actions #1

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 7.2.0 to 7.2.1
Actions #2

Updated by Alexis Mousset about 2 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #3

Updated by Alexis Mousset about 2 years ago

  • Status changed from In progress to New
  • Assignee deleted (Alexis Mousset)
  • Target version changed from 7.2.1 to 7.3.0~beta1
Actions #4

Updated by Alexis Mousset about 2 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #5

Updated by Alexis Mousset about 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/4514
Actions #6

Updated by Alexis Mousset about 2 years ago

[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: SessionInfo(net.liftweb.http.LiftSession@1e012137,Full(Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36),Full(127.0.0.1),1,1664230100695)
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: 733348
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: 733348: 300000
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: DELETE
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 155060
[2022-09-26 22:08:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 155060: 300000
[2022-09-26 22:08:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:08:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 165058
[2022-09-26 22:08:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 165058: 300000
[2022-09-26 22:08:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:08:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 175059
[2022-09-26 22:08:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 175059: 300000
[2022-09-26 22:08:57+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:08:57+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 185060
[2022-09-26 22:08:57+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 185060: 300000
[2022-09-26 22:09:07+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:07+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 195060
[2022-09-26 22:09:07+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 195060: 300000
[2022-09-26 22:09:17+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:17+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 205061
[2022-09-26 22:09:17+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 205061: 300000
[2022-09-26 22:09:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 215063
[2022-09-26 22:09:27+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 215063: 300000
[2022-09-26 22:09:35+0000] WARN  application - URL: /lift/ajax/F94049259371KJCKRP/
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: SessionInfo(net.liftweb.http.LiftSession@5b9dd435,Full(Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36),Full(127.0.0.1),1,1664230175715)
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: 803351
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: 803351: 300000
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node010upctymx6vzb1hhyl11y0mabu1: DELETE
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 225063
[2022-09-26 22:09:37+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 225063: 300000
[2022-09-26 22:09:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 235062
[2022-09-26 22:09:47+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 235062: 300000
[2022-09-26 22:09:57+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: SessionInfo(net.liftweb.http.LiftSession@684d619c,Full(curl/7.76.1),Full(127.0.0.1),0,1664229951959)
[2022-09-26 22:09:57+0000] WARN  application - TIMEOUT: node0oge9wdt26p7whe85ljxgecqr10: 245063

Actions #7

Updated by Alexis Mousset about 2 years ago

  • Status changed from Pending technical review to Pending release
Actions #8

Updated by Alexis Mousset almost 2 years ago

  • Subtask #21943 added
Actions #9

Updated by Alexis Mousset almost 2 years ago

  • Related to Bug #22146: Backport front end security improvements to 7.2 added
Actions #10

Updated by Alexis Mousset almost 2 years ago

  • Private changed from Yes to No
Actions #11

Updated by Vincent MEMBRÉ almost 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.0~beta1 which was released today.
