Logging out when there are multiple AngularJS staff client tabs open can cause problems

Bug #2034617 reported by Galen Charlton
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Evergreen | Fix Released | High | Unassigned | |
| 3.11 | Fix Released | High | Unassigned | |
| 3.12 | Fix Released | High | Unassigned | |

Bug Description

Because of the way that the AngularJS staff client handles BroadcastChannel messages on the eg.auth channel that are sent when another tab (either Angular or AngularJS) gets a request to log out, it is possible for multiple browser tabs that have the AngularJS staff client open to fall into a broadcast storm of logout messages on the eg.auth channel. Any Angular staff tabs that are also present will attempt to handle each and every message by running an open-ils.auth.session.delete. This can happen fast enough that thousands of open-ils.auth.session.delete requests can be made by a single browser, in the space of a few minutes, overwhelming the open-ils.auth service and preventing session creation and verification.

Empirically, opening four or five open AngularJS tabs, then logging out of one, is sufficient to reproduce the problem.

Note that it is STRONGLY recommended to test this only on personal and isolated Evergreen systems.

Evergreen 3.8+

Galen Charlton (gmc) wrote :

A patch is available in the branch working/user/gmcharlt/lp2034617_improve_logout_handling / https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp2034617_improve_logout_handling

I think this patch is a candidate for a quick fix, but additional work would be useful to:

- have the Angular app stop listening to eg.auth messages after it receives the first 'logout' message (then resume once the user has logged in again)
- tighten up the logic around when the AngularJS expired auth handler sends the broadcast message

tags: added: angularjs performance
tags: added: pullrequest
Changed in evergreen:
importance: Undecided → High
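
Added example, not taken from the Evergreen patch or from any commenter: a constructed in-memory model of the eg.auth channel that compares a handler re-announcing every logout it receives with one that acts on the first logout only and never re-broadcasts, along the lines of the follow-up items listed above. The `simulate` function, the tab objects and the delivery cap are hypothetical; the real client code may differ.

```javascript
// Constructed stand-in for BroadcastChannel('eg.auth'): a posted message is
// delivered to every other tab, never back to the sender.
function simulate(tabCount, guarded, maxDeliveries = 1000) {
  const queue = [];            // pending 'logout' messages, stored as sender id
  let deliveries = 0;          // messages handed to a tab's handler
  let deleteCalls = 0;         // stand-in for open-ils.auth.session.delete
  const post = (from) => queue.push(from);

  const tabs = Array.from({ length: tabCount }, (_, id) => ({
    id,
    loggedIn: true,
    onLogoutMessage() {
      if (guarded) {
        if (!this.loggedIn) return;  // already handled: ignore repeats
        this.loggedIn = false;
        deleteCalls++;               // at most one delete per tab
        return;                      // local cleanup only, no re-broadcast
      }
      // Unguarded (assumed model of the bug): every received logout triggers
      // a delete and is announced again to all other tabs.
      this.loggedIn = false;
      deleteCalls++;
      post(this.id);
    },
  }));

  // The user logs out in tab 0, which deletes the session and announces it.
  tabs[0].loggedIn = false;
  deleteCalls++;
  post(0);

  // Deliver until the channel is quiet or the safety cap is reached.
  while (queue.length > 0 && deliveries < maxDeliveries) {
    const from = queue.shift();
    for (const tab of tabs) {
      if (tab.id === from) continue;
      deliveries++;
      tab.onLogoutMessage();
    }
  }
  return { deliveries, deleteCalls, stillQueued: queue.length };
}

console.log('guarded  ', simulate(5, true));
console.log('unguarded', simulate(5, false));
```

With the guard, work is bounded by the number of open tabs; without it, the model only stops because of the delivery cap, and messages are still queued when it does.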
Galen Charlton (gmc) wrote :

This bug is presumably related to bug 2002693.

Andrea Neiman (aneiman)
Changed in evergreen:
status: New → Confirmed
Changed in evergreen:
milestone: none → 3.next
milestone: 3.next → none
Jason Boyer (jboyer) wrote :

Between my own testing and multiple customers using this patch over the last several months, my signoff is here: https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jboyer/lp2034617_ajs_logout_signoff / working/user/jboyer/lp2034617_ajs_logout_signoff

tags: added: signedoff
Changed in evergreen:
assignee: nobody → Jeff Davis (jdavis-sitka)
Jeff Davis (jdavis-sitka) wrote :

I haven't been able to replicate the server-side issue in a test environment, but the fix appears to prevent my browser from freezing when logging out with multiple tabs open. Pushed to rel_3_11, rel_3_12, and main. Thanks, Galen and Jason!

Changed in evergreen:
milestone: none → 3.13-beta
assignee: Jeff Davis (jdavis-sitka) → nobody
status: Confirmed → Fix Committed
Changed in evergreen:
status: Fix Committed → Fix Released