You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Mehul Parikh <xs...@gmail.com> on 2021/10/05 05:42:14 UTC
Re: Review Request 73619: RANGER-3457 : [Session Timeout-Ranger]With
multiple tabs if one tab encounters session idle timeout other active
tab still continues with old/invalid session cookie.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73619/#review223567
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On Sept. 30, 2021, 10:40 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73619/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2021, 10:40 a.m.)
>
>
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3457
> https://issues.apache.org/jira/browse/RANGER-3457
>
>
> Repository: ranger
>
>
> Description
> -------
>
> 1)
> *Steps:*
>
> 1. Configured ranger.service.inactivity.timeout to 45 sec
>
> 2. Opened ranger UI on multiple tabs.
>
> 3. Left the session idle for 40 secsĀ
>
> 4. once the popup for session idle going to expire shows up clicked on the "stay logged in" button and performed an operation in one of the tabs.
>
> *Observation*
> # Other tabs which were opened removed the RangerSessionID, but the tab which became active before timeout still using the same RangerSessionID.
> # Clicking a link from the above active tab to a new tab still uses the same RangerSessionID which was removed earlier
> # But when clicking ranger ui from CP it opens with a new RangerSessionID
>
> *Note:*
>
> Though using RangerSessionID which was removed in other tabs, i was able to navigate and perform policy updates. But not sure if any other action will fail based on session which was removed
>
> 2)
> *Steps:*
> 1. Configured ranger.service.inactivity.timeout to 40 sec and restarted Ranger
> 2. Open Ranger UI on an incognito window with hrt_qa/Password@123
> 3. Didnt perform any operation / mouse operation for 4 mins
>
> *Issue:*
> Idle logout wizard (with "logout now" and "stay logged in" is not shown)
>
>
> Diffs
> -----
>
> security-admin/src/main/webapp/scripts/controllers/Controller.js aab73b6f7
> security-admin/src/main/webapp/scripts/controllers/NController.js 2598035c4
> security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 46e4c1901
> security-admin/src/main/webapp/scripts/utils/XAUtils.js 49f03d185
>
>
> Diff: https://reviews.apache.org/r/73619/diff/1/
>
>
> Testing
> -------
>
> Tested that if session timeout happens in one tab and we log out from that tab all other tabs also get logout.
> Tested that user does not perform any activity than after desire time idle logout popup appears.
>
>
> Thanks,
>
> Nitin Galave
>
>