[ovirt-users] 4.0 web UI Session expired please try again
Ravi Nori
rnori at redhat.com
Wed Jan 4 21:17:09 UTC 2017
A redirect to the login page from error page would be a more reasonable
solution IMO.
On Wed, Jan 4, 2017 at 3:23 PM, Robert Story <rstory at tislabs.com> wrote:
> On Wed, 4 Jan 2017 14:40:06 -0500 Ravi wrote:
> RN> With SSO the client sends the client secret to SSO which is stored in
> the
> RN> session. Now when the clients session expires all the information
> including
> RN> the client secret is lost when the session is purged by the application
> RN> server.
>
> Is the session expiration time configurable?
>
> RN> 1. login to webadmin
> RN> 2. Leave the session until session time out on engine and user is
> RN> redirected to login page (the client id and secret are sent)
> RN> 3. If user tries to login now everything will be fine but if user
> leaves
> RN> and the session expires the session is purged, client secret is lost
> RN> 4. User enters user name password on the screen after coming back. The
> RN> login form does not have a session associated with it so the client and
> RN> secret are not found and SSO needs to report that the session has
> expired
> RN> and redirect user to welcome page.
>
> So in step 4, can't it just start a new session instead of going to an
> expiration page? Or show the page for a few seconds and then start a new
> session?
>
> Or in step 2, set a refresh on the login page that still has a session so
> that when the session expires it will redirect to a login screen that will
> start a new session?
>
>
>
> Robert
>
> --
> Senior Software Engineer @ Parsons
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170104/4865c65f/attachment-0001.html>
More information about the Users
mailing list