Bug 40994 - UMC-Webserver: session timeout sometimes broken
UMC-Webserver: session timeout sometimes broken
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 4.4
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: UMC maintainers
https://trello.com/c/qAOQWtdZ
:
: 44636 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-05 07:29 CEST by Florian Best
Modified: 2023-06-09 16:36 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.240
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (1.06 KB, patch)
2016-04-05 07:29 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-04-05 07:29:55 CEST
Created attachment 7578 [details]
patch

I experienced now twice and could debug a strange behavior with the session timeout in the UMC-Webserver:
Every 30 seconds a login window pops up which tells to reauthenticate. The initial session timeout value is not correctly reset to the initial value (e.g. 500) but to 0 which causes that the newly created session is immediately invalid after login.
I don't know how to get into that state, it seems to be a race condition. I think it might be reproduced by having an unanswered-request while the session timeout happens plus doing another request then.

Attached is a patch. This seems to be a regression caused by the changes for SAML integration.
Comment 1 Florian Best univentionstaff 2016-04-27 11:32:43 CEST
Afaics this is somehow triggered by the office365 or google apps for work wizard.
Comment 2 Philipp Hahn univentionstaff 2016-08-25 17:16:46 CEST
Again: UCS Technical training 2016-08-25 with UCS-4.1-3
Comment 3 Florian Best univentionstaff 2017-05-18 14:44:42 CEST
*** Bug 44636 has been marked as a duplicate of this bug. ***
Comment 4 Philipp Hahn univentionstaff 2018-10-09 17:47:37 CEST
Again: UCS Technical Training 2019-10-09 with UCS-4.3-2

Suddenly the session times out (after doing something 30s ago).
After that I have to re-authenticate several times until UMC works again.
Comment 6 Timo Denissen univentionstaff 2018-11-01 15:19:42 CET
Just happend twice in a row when browsing the App center on our DC Master. I opened the App center, got asked for my password again, re-entered it, then the message popped up that my session expired and I need to re-login. Did that, got back into the App center and had to login again.
Comment 7 Michel Smidt 2018-11-30 12:44:54 CET
Experienced several times in customer presentation. Seemed to appear only in the App Center. I was logged in via SAML.
Comment 8 Philipp Hahn univentionstaff 2018-11-30 18:16:19 CET
Again: UCS Technical Training 2018-11-29 with UCS-4.3-2
Comment 9 Philipp Hahn univentionstaff 2019-05-13 09:41:30 CEST
Again: UCS Technical training 2019-05-08/09

This happend in my and all 5 trainee environments:
- During the installation of an UCS Backup in the background we continued working in the UMC.
- Suddenly my session expired and I lost all data already entered in a dialog.
- I re-logged-in, re-filled all fields manually an created the 2nd VM
- Shortly afterwards the session expired again - this time also for all 5 other trainees.

I have not correlated the timing exactly, but it seems to be related to the Backup performing its domain join in the background and starting to provide its SAML service, which seems to invalidate the shared memcache?
Comment 10 Florian Best univentionstaff 2023-06-09 16:36:31 CEST
could be obsolete by Bug #43633.