OpenStack Dashboard (Horizon)

Old sessionid cookie causes 500 Internal Server Error at login

Bug #1338836 reported by Nathan Ward
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Expired
Undecided
Unassigned

Bug Description

After switching to a different cloud, Django's old "sessionid" cookie causes Horizon to greet you with the 500 Internal Server Error page. Clearing browser cookies or deleting just the "sessionid" cookie (e.g. in Chrome Dev Tools > Resources > Cookies) and refreshing is a workaround to bring the user back to a working login screen. Could this happen because request.user.is_authenticated() does not check for a valid session before proceeding?
https://github.com/openstack/horizon/blob/0bd4350cb308d57b6afc69daee4a7823055be5a9/openstack_dashboard/views.py#L40

Revision history for this message
Nathan Ward (nward-intel) wrote :
Revision history for this message
Julie Pichon (jpichon) wrote :

I think this was a known issue when we switched from a date time object to an int for time (...or was it vice-versa?). The change was made forward-compatible but not backwards compatible, since except in the unlikely event of a rollback sometime after an upgrade it shouldn't happen. Could you clarify if/how you were encountering this situation in the real world? Thank you.

tags: removed: login session
Revision history for this message
Abhishek Asthana (asthana-abhishek) wrote :

Hi,

Yes, I am able to reproduce this issue easily in Havana on Ubuntu 12.04 LTS. However, I see this happens only in chrome as of yet. Could you please suggest the fix code/patch id so I could merge the change and retry the same.

Revision history for this message
Nathan Ward (nward-intel) wrote : Re: [Bug 1338836] Re: Old sessionid cookie causes 500 Internal Server Error at login

Thanks for investigating. We do not have a patch for this bug at the
moment.
-Nathan

On 7/17/14, 10:46 PM, "Abhishek Asthana" <email address hidden>
wrote:

>Hi,
>
>Yes, I am able to reproduce this issue easily in Havana on Ubuntu 12.04
>LTS. However, I see this happens only in chrome as of yet. Could you
>please suggest the fix code/patch id so I could merge the change and
>retry the same.
>
>--
>You received this bug notification because you are subscribed to the bug
>report.
>https://bugs.launchpad.net/bugs/1338836
>
>Title:
> Old sessionid cookie causes 500 Internal Server Error at login
>
>Status in OpenStack Dashboard (Horizon):
> New
>
>Bug description:
> After switching to a different cloud, Django's old "sessionid" cookie
>causes Horizon to greet you with the 500 Internal Server Error page.
>Clearing browser cookies or deleting just the "sessionid" cookie (e.g. in
>Chrome Dev Tools > Resources > Cookies) and refreshing is a workaround to
>bring the user back to a working login screen. Could this happen because
>request.user.is_authenticated() does not check for a valid session before
>proceeding?
>
>https://github.com/openstack/horizon/blob/0bd4350cb308d57b6afc69daee4a7823
>055be5a9/openstack_dashboard/views.py#L40
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/horizon/+bug/1338836/+subscriptions

Revision history for this message
Julie Pichon (jpichon) wrote :

Nathan, Abishek, could you include the output from the apache server logs when the problem occurs? Could you also include the steps you're following to reproduce the issue?

Akihiro Motoki (amotoki)
tags: added: horizon-core
tags: added: dashboard-core
removed: horizon-core
Revision history for this message
David Lyle (david-lyle) wrote :

I believe this is corrected now by another patch.

Changed in horizon:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Dashboard (Horizon) because there has been no activity for 60 days.]

Changed in horizon:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.