User is never logged out if don't close UI in browser
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Opinion
|
Wishlist
|
Fuel UI Team |
Bug Description
{
"build_id": "2014-07-
"ostf_sha": "c1b60d4bcee7cd
"build_number": "347",
"auth_
"api": "1.0",
"nailgun_sha": "f5775d6b7f5a38
"production": "docker",
"fuelmain_sha": "74b9200955201f
"astute_sha": "fd9b8e3b6f59b2
"feature_
"mirantis"
],
"release": "5.1",
"fuellib_sha": "fb0e84c954a33c
}
1. Install fuel
2. Open fuel UI and log in with default credentials admin/admin
3. Leave environment for couple of hours
4. After 2-3 hours refresh page
Expected - user is prompted to log in again
Actual - user is still logged in
It turned out that UI refresh token in every 10 minutes after logging in so you'll never be logged out, only when you close the tab
I think that it's insecure - user can leave computer for some period of time and then someone else can use it because there is no expiration
Changed in fuel: | |
assignee: | Fuel Python Team (fuel-python) → Fuel UI Team (fuel-ui) |
Changed in fuel: | |
status: | New → Confirmed |
Changed in fuel: | |
status: | Confirmed → Opinion |
milestone: | 5.1 → 6.0 |
> Expected - user is prompted to log in again
I expect the UI not to logout until I explicitly do that