Horizon Session Expiration
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Triaged
|
Wishlist
|
Jeffrey Olsen |
Bug Description
When leaving Horizon open in the browser for a long duration, the session expires but does not automatically redirect to the login page. Instead, when the user goes to resume their Horizon session, it redirects to the login screen with no alert saying the session has expired. That alert only shows up after you try and log in again where it loops back to the login screen again, bringing up the alert saying the session expired and need to login again.
Additionally, it does present a security risk where an unauthorized user could see details about your environment left open in the browser, i.e., your instances private and floating IP address, etc.
I propose the following:
- Add a session expiration mechanism that automatically logs the user out of the dashboard when idle, redirecting the page back to the login screen automatically.
information type: | Private Security → Public |
description: | updated |
description: | updated |
Changed in horizon: | |
status: | New → Confirmed |
Changed in horizon: | |
assignee: | nobody → Jeffrey Olsen (jeffrey-olsen) |
This is a great idea, although I don't think it's so much a bug as a blueprint. The behavior regarding timing out views is debatable although what the poster suggests is a good common practice.