web staff client can spam open-ils.auth.session.retrieve requests
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Evergreen | Fix Released | Undecided | Unassigned | |
3.0 | Fix Released | Undecided | Unassigned | |
Bug Description
The web staff client polls periodically to see if the authentication session is still current. This polling is done at an interval of the original auth session time (plus 5 seconds), using a $timeout.
However, super-large auth.staff_timeout values can result in the $timeout delay overflowing a 32-bit integer in most browser implementations (see https:/
If nothing else, this can cause logs to fill. A maximum poll time should be enforced below the 2,147,483,647 millisecond limit before a 32-bit integer overflows, and we should probably also coerce the minimum poll time to be 60 seconds or the like.
Evergreen 3.0+
Changed in evergreen:
status: New → Confirmed
assignee: nobody → Bill Erickson (berick)
status: Confirmed → In Progress
Changed in evergreen:
milestone: 3.1.3 → 3.1.4
Changed in evergreen:
milestone: 3.1.4 → 3.1.5
Changed in evergreen:
status: Fix Committed → Fix Released
Fix pushed implementing Galen's suggestions.
Shortest poll value is now 60,000ms and longest is now 2,147,483,647ms.
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1774448-auth-poll-spam
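The clamping described in this report, as an added JavaScript example that is not Evergreen's own code. All function names are hypothetical, the 32-bit wrap is modelled with `| 0` rather than taken from any particular browser, and the sample timeout values are constructed.

```javascript
// Added illustration; names are hypothetical, not taken from the Evergreen source.
const MIN_POLL_MS = 60000;       // shortest poll value stated in the fix
const MAX_POLL_MS = 2147483647;  // 2^31 - 1, longest poll value stated in the fix

// Unclamped interval as described in the report: auth session time plus 5 seconds.
function rawPollDelayMs(authtimeSeconds) {
  return (authtimeSeconds + 5) * 1000;
}

// Model of a timer that stores its delay as a signed 32-bit integer:
// the value wraps modulo 2^32, and a negative result fires immediately.
function effectiveTimerDelay(requestedMs) {
  return Math.max(0, requestedMs | 0);
}

// Clamped interval: never below 60 s, never above the 32-bit limit.
function clampedPollDelayMs(authtimeSeconds) {
  const raw = rawPollDelayMs(Number(authtimeSeconds));
  // Assumption of this example: an unparsable setting polls at the floor.
  if (!Number.isFinite(raw)) return MIN_POLL_MS;
  return Math.min(MAX_POLL_MS, Math.max(MIN_POLL_MS, Math.floor(raw)));
}

// Side-by-side view of what the timer would really wait, with and without the clamp.
function comparePolling(authtimeSeconds) {
  const raw = rawPollDelayMs(Number(authtimeSeconds));
  const clamped = clampedPollDelayMs(authtimeSeconds);
  return {
    requestedMs: raw,
    unclampedEffectiveMs: effectiveTimerDelay(raw),
    clampedEffectiveMs: effectiveTimerDelay(clamped),
  };
}

// Constructed sample settings, in seconds: 10 s, 2 hours, 30 days, 50 days.
for (const seconds of [10, 7200, 2592000, 4320000]) {
  console.log(seconds, comparePolling(seconds));
}
```

With a 30-day timeout the unclamped delay wraps to a negative number and the poll fires with no delay, which is the request spam in the report; a 50-day timeout wraps to a positive but unrelated interval instead.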