OpenStack Dashboard (Horizon)

Session can time out for idling on the login page

Bug #1302367 reported by bhupendra vyas on 2014-04-04

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Expired	Medium	Unassigned

Bug Description

Description :

When tried to access the horizon due to idle session, it redirects to the login page. After entering the username and password it first gives the message "Session timed out", and then again asks for the credentials to login.

Expected : Due to idle session, it should redirects to the login page and then just on providing the credentials it should login instead of giving the "session timed out" message and again asking for credentials.

Build Used -- Icehouse

root@os-controller:~/horizon-pkg# dpkg -l | grep -i django
ii openstack-dashboard 1:2014.1+git201403311756~precise-0ubuntu1 django web interface to Openstack
ii python-django-horizon 1:2014.1+git201403311756~precise-0ubuntu1 Django module providing web based interaction with OpenStack
ii python-django-openstack 1:2014.1+git201403311756~precise-0ubuntu1 dummy transitonal package

Tags:

Revision history for this message

bhupendra vyas (bhupendra-vyas) wrote on 2014-04-04:

openstack_horizon_idle_session.jpg Edit (83.0 KiB, image/jpeg)

Revision history for this message

Julie Pichon (jpichon) wrote on 2014-04-04:

I thought at first that this was a duplicate of bug 1231355, but I think you're talking about the fact that you can get a session timeout error for idling on the login page. I think there was an open review that fixed this incidentally, but I can't find it at the moment so keeping this bug open. Thank you for the report.

summary:

- The session timed out message is shown when tried to relogin
+ Session can time out for idling on the login page

David Lyle (david-lyle) on 2014-04-04

Changed in horizon:
status:	New → Confirmed
importance:	Undecided → Medium

Wang Wen (waynewang1989) on 2014-04-27

Changed in horizon:
assignee:	nobody → Wang Wen (waynewang1989)

Revision history for this message

Openstack Gerrit (openstack-gerrit) wrote on 2014-04-27: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/90610

Changed in horizon:
status:	Confirmed → In Progress

Revision history for this message

Matthias Runge (mrunge) wrote on 2014-06-24:

When you're idling for a looong time on login page, you'll even get a csrf protection issue. We should remove that as well during initialization.

tags:

added: icehouse-backport-potential

Revision history for this message

Ian Cordasco (icordasc) wrote on 2014-08-28:

@mrunge, would that be better addressed in a separate issue?

Revision history for this message

Miguel Grinberg (miguelgrinberg) wrote on 2014-08-28:

The original report isn't very clear about this, so I wanted to mention my experience with this issue, which occurs not only when idling on the login page, but when idling on any page after I'm logged in.

My steps to reproduce:

1. login to horizon
2. while logged in, leave the browser window open for a long time, more than 30 minutes.
3. click on any link in the page, and you will be redirected to the login page due to session expired.
4. login again to horizon
5. you are redirected again to the login page
6. login in a third time, and now everything works.

Revision history for this message

Gary W. Smith (gary-w-smith) wrote on 2014-08-28:

The scenario you list in comment #6 appears to be a duplicate of https://bugs.launchpad.net/horizon/+bug/1308918 .

Revision history for this message

Miguel Grinberg (miguelgrinberg) wrote on 2014-08-28:

Gary, you are correct, the bug you linked represents my issue, which is different than the one reported here. Sorry about that.

Revision history for this message

Matthias Runge (mrunge) wrote on 2014-08-29:

@icordasc
I'm not sure, if we really know, what's going on here or if this is a duplicate if https://bugs.launchpad.net/horizon/+bug/1308918

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-27: Change abandoned on horizon (master)

#10

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/90610
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message

Vladislav Kuzmin (vkuzmin-u) wrote on 2017-07-10:

#11

I've checked this bug one more time. For now we don't have the "session timed out" message, but it asked login and password two time. It looks like https://bugs.launchpad.net/horizon/+bug/1308918 and https://bugs.launchpad.net/django-openstack-auth/+bug/1403037 still here.