[ovirt-users] 4.0 web UI Session expired please try again

Robert Story rstory at tislabs.com
Wed Jan 4 20:23:34 UTC 2017


On Wed, 4 Jan 2017 14:40:06 -0500 Ravi wrote:
RN> With SSO the client sends the client secret to SSO which is stored in the
RN> session. Now when the clients session expires all the information including
RN> the client secret is lost when the session is purged by the application
RN> server.

Is the session expiration time configurable?

RN> 1. login to webadmin
RN> 2. Leave the session until session time out on engine and user is
RN> redirected to login page (the client id and secret are sent)
RN> 3. If user tries to login now everything will be fine but if user leaves
RN> and the session expires the session is purged, client secret is lost
RN> 4. User enters user name password on the screen after coming back. The
RN> login form does not have a session associated with it so the client and
RN> secret are not found and SSO needs to report that the session has expired
RN> and redirect user to welcome page.

So in step 4, can't it just start a new session instead of going to an
expiration page? Or show the page for a few seconds and then start a new
session? 

Or in step 2, set a refresh on the login page that still has a session so
that when the session expires it will redirect to a login screen that will
start a new session?



Robert

-- 
Senior Software Engineer @ Parsons
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170104/1f5f6fd0/attachment.sig>


More information about the Users mailing list