Univention Bugzilla – Bug 30318
Permanent logout with IE9
Last modified: 2016-03-17 13:21:31 CET
During a UCS@school session with open computer room module (and 14 computers), the login dialog shows up once in a while. This should not happen as the connection is kept open through the frequent and continuous requests. As this happens, the content of document.cookie is set to: undefined=undefined; UMCLang=de-DE; UMCUsername=lehrer This seems to be related to the following forum entry: http://forum.univention.de/viewtopic.php?f=48&t=1977
If you login again as the same user, the old umc session process are still running. As these processes still hold the connection open to the Windows clients, the communication is after a few re-logins very slow.
(In reply to comment #1) > If you login again as the same user, the old umc session process are still > running. As these processes still hold the connection open to the Windows > clients, the communication is after a few re-logins very slow. This relates to the computer room module in UCS@school.
In my tests, I could see that the cookie was delete after its expiration date had been updated in umc/tools:_renewIESession(). I could observe earlier that IE seems to have troubles with updating the cookie too often via javascript. Maybe it is safer to store how long the session will be valid in a javascript variable (see also Bug 27936).
*** Bug 29690 has been marked as a duplicate of this bug. ***
First try to fix this behaviour. I could not reproduce the issue again, and it probably is difficult to reproduce it intentionally. The cookie handling has been adapted as follows: * The cookie UMCSessionID is set once when performing a login (umcp/auth). * The cookie's expiration date is set to be in 5 years (server time) → this should be enough for time gaps between server and client due to pausing VM instances. * If the cookie is set, UMC-Frontend tries to login on the server side, in the worst case, the session is invalid and the user needs to login normally. * On the client side the timestamp of the last received request is stored and continously compared to the current time using JavaScript. When the session timed out the login screen is prompted to the user. Erratum: YAML file added, package built. UCS 3.1-1: Changelog updated, package built. univention-management-console-frontend (2.0.193-1) unstable; urgency=low . * adapted cookie handling to avoid problems with IE; Bug #30318
Changelog, YAML: Okay 3.1-1: Okay Errata: Okay Tested with IE, Chrome, FF; did not run into any problems. I was also unable to reproduce the underlying bug without that patch, though. I do not know if this patch really fixes the issue. As per code review, it does not seem to introduce any regressions and the approach is promising as it looks like the bug relates to intensive cookie-usage.
The logout button does not work like expected at least not every time. In some cases (4 of 5) I'm automatically logged in again after the click on the logout button. In Firebug I see that I got a new sessionID.
(In reply to comment #7) > The logout button does not work like expected at least not every time. In some > cases (4 of 5) I'm automatically logged in again after the click on the logout > button. > > In Firebug I see that I got a new sessionID. We found a possible solution. Maybe I had an old UMC browser tab open with the old session and user name and password in the URL. In this case the old session re-creates the sessionID. I can't reproduce in a clean environment.
Again verified.
http://errata.univention.de/3.1-errata50.html
The change caused the leap year problem (Bug #40790).