| 2015-01-10 19:12:28 |
Jeffrey Olsen |
bug |
|
|
added bug |
| 2015-01-10 19:12:50 |
Jeffrey Olsen |
information type |
Private Security |
Public |
|
| 2015-01-10 19:14:27 |
Jeffrey Olsen |
description |
When leaving Horizon open in the browser for a long duration, the session expires but does not automatically redirect to the login page. Instead, when the user goes to resume their Horizon session, it redirects to the login screen with no alert saying the session has expired. That alert only shows up after you try and log in again where it loops back to the login screen again, bringing up the alert saying the session expired and need to login again.
Additionally, it does present a security risk where an unauthorized user could see details about you environment left open in the browser, i.e., your instances private and floating IP address, etc.
I propose the following:
- Add a session expiration mechanism that automatically logs the user out of the dashboard when idle, bringing redirecting the page back to the login screen automatically. |
When leaving Horizon open in the browser for a long duration, the session expires but does not automatically redirect to the login page. Instead, when the user goes to resume their Horizon session, it redirects to the login screen with no alert saying the session has expired. That alert only shows up after you try and log in again where it loops back to the login screen again, bringing up the alert saying the session expired and need to login again.
Additionally, it does present a security risk where an unauthorized user could see details about you environment left open in the browser, i.e., your instances private and floating IP address, etc.
I propose the following:
- Add a session expiration mechanism that automatically logs the user out of the dashboard when idle, redirecting the page back to the login screen automatically. |
|
| 2015-01-10 19:18:59 |
Jeffrey Olsen |
description |
When leaving Horizon open in the browser for a long duration, the session expires but does not automatically redirect to the login page. Instead, when the user goes to resume their Horizon session, it redirects to the login screen with no alert saying the session has expired. That alert only shows up after you try and log in again where it loops back to the login screen again, bringing up the alert saying the session expired and need to login again.
Additionally, it does present a security risk where an unauthorized user could see details about you environment left open in the browser, i.e., your instances private and floating IP address, etc.
I propose the following:
- Add a session expiration mechanism that automatically logs the user out of the dashboard when idle, redirecting the page back to the login screen automatically. |
When leaving Horizon open in the browser for a long duration, the session expires but does not automatically redirect to the login page. Instead, when the user goes to resume their Horizon session, it redirects to the login screen with no alert saying the session has expired. That alert only shows up after you try and log in again where it loops back to the login screen again, bringing up the alert saying the session expired and need to login again.
Additionally, it does present a security risk where an unauthorized user could see details about your environment left open in the browser, i.e., your instances private and floating IP address, etc.
I propose the following:
- Add a session expiration mechanism that automatically logs the user out of the dashboard when idle, redirecting the page back to the login screen automatically. |
|
| 2015-01-11 23:03:23 |
Tamara Johnston |
horizon: status |
New |
Confirmed |
|
| 2015-01-15 05:43:12 |
Jeffrey Olsen |
horizon: assignee |
|
Jeffrey Olsen (jeffrey-olsen) |
|
| 2015-04-07 05:13:58 |
Samuel Chen |
bug |
|
|
added subscriber Samuel Chen |
| 2016-04-04 15:06:29 |
Matt Borland |
horizon: importance |
Undecided |
Wishlist |
|
| 2016-04-04 15:06:34 |
Matt Borland |
horizon: status |
Confirmed |
Triaged |
|
