You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Nitin Galave (Jira)" <ji...@apache.org> on 2021/10/05 11:50:00 UTC

[jira] [Commented] (RANGER-3457) [Session Timeout-Ranger]With multiple tabs if one tab encounters session idle timeout other active tab still continues with old/invalid session cookie.

    [ https://issues.apache.org/jira/browse/RANGER-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17424423#comment-17424423 ] 

Nitin Galave commented on RANGER-3457:
--------------------------------------

Committed to [apache-master|https://github.com/apache/ranger/commit/d7a3de193d45f00ef20ef8859d025b444b2dba0b] branch.

> [Session Timeout-Ranger]With multiple tabs if one tab encounters session idle timeout other active tab still continues with old/invalid session cookie.
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-3457
>                 URL: https://issues.apache.org/jira/browse/RANGER-3457
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 3.0.0, 2.2.0
>            Reporter: Nitin Galave
>            Assignee: Nitin Galave
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: 0002-RANGER-3457.patch, 0003-RANGER-3457.patch
>
>
> 1)
> *Steps:*
> 1. Configured ranger.service.inactivity.timeout to 45 sec
> 2. Opened ranger UI on multiple tabs.
> 3. Left the session idle for 40 secs 
> 4. once the popup for session idle going to expire shows up clicked on the "stay logged in" button and performed an operation in one of the tabs.
> *Observation*
>  # Other tabs which were opened removed the RangerSessionID, but the tab which became active before timeout still using the same RangerSessionID.
>  # Clicking a link from the above active tab to a new tab still uses the same RangerSessionID which was removed earlier
>  # But when clicking ranger ui from CP it opens with a new RangerSessionID
> *Note:*
> Though using RangerSessionID which was removed in other tabs, i was able to navigate and perform policy updates. But not sure if any other action will fail based on session which was removed
> 2)
> *Steps:*
>  1. Configured ranger.service.inactivity.timeout to 40 sec and restarted Ranger
>  2. Open Ranger UI on an incognito window with hrt_qa/Password@123
>  3. Didnt perform any operation / mouse operation for 4 mins
> *Issue:*
>  Idle logout wizard (with "logout now" and "stay logged in" is not shown)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)