Bug #4683

Sign out may not close the session

Added by Carlos Martín about 4 years ago. Updated over 3 years ago.

Status: Closed
Start date: 07/26/2016
Priority: Normal
Due date:
Assignee: Juan Jose Montiel Cano
% Done: 100%
Category: Sunstone
Target version: Release 5.4
Resolution: invalid
Pull request:
Affected Versions: OpenNebula 5.0

History

#1 Updated by Jan "Yenya" Kasprzak about 4 years ago

I have just upgraded to 5.2, and the problem can still be reproduced there. Moreover, on two occasions I have been redirected to http://my.sunstone.server/ (I run Sunstone on HTTPS only, https://my.sunstone.server/), so there is probably an absolute URL redirection somewhere in Sunstone, using hard-coded HTTP instead of a server-relative one.

#2 Updated by Tino Vázquez almost 4 years ago

  • Assignee changed from Carlos Martín to Juan Jose Montiel Cano

#3 Updated by Ruben S. Montero almost 4 years ago

  • Target version changed from Release 5.2 to Release 5.4

#4 Updated by Juan Jose Montiel Cano almost 4 years ago

I tried to reproduce your problem, but it does not happen to me. Can you give me more details on the steps you have to perform, to see if it happens to me?

#5 Updated by Jan "Yenya" Kasprzak almost 4 years ago

Juan Jose Montiel Cano wrote:

can you give me more details on the steps you have to perform?

I cannot reproduce it reliably, but it is something like this:

- make Sunstone accessible only via https, not http
- open https://my.sunstone.server/ (login form should be displayed)
- log in as oneadmin (oneadmin's dashboard should be displayed)
- click on the "oneadmin" near the top right corner, select "Sign out"

--- here I sometimes get the "Unable to connect" browser page, because my Sunstone server is accessible via HTTPS only, and the Sign out button points me to the http URL instead of https.
--- sometimes, however, I am apparently logged out, the login form is displayed, and the url is https://my.sunstone.server/login (note the /login suffix)

- log in as an ordinary user (the user's dashboard should be displayed)
- press "reload" in the browser, or click to the URL bar and press enter

--- here my sunstone displays the oneadmin's dashboard instead of user's dashboard, which means oneadmin has not been correctly logged out in the first place. Further clicking into the sunstone interface displays other data accessible by oneadmin only (list of all VMs, infrastructure tab, etc.)

Can you reproduce it with this description? If not, what other debugging info can I provide?
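
The two symptoms in the steps above can be checked mechanically from a recorded request/response trace. This is an added example, not part of the original comment or of Sunstone's code; the trace is constructed, and the `/logout` path and the `alice` account are assumptions.

```python
from urllib.parse import urlsplit

# Constructed trace of the reproduction steps, one dict per request/response
# pair as a proxy or HAR export would show it. The /logout path and the
# "alice" account are assumptions; "shown_user" is the account whose
# dashboard the response rendered (None for the login form or a redirect).
TRACE = [
    {"step": "login",  "url": "https://my.sunstone.server/login",
     "status": 200, "location": None, "shown_user": "oneadmin"},
    {"step": "logout", "url": "https://my.sunstone.server/logout",
     "status": 302, "location": "http://my.sunstone.server/", "shown_user": None},
    {"step": "login",  "url": "https://my.sunstone.server/login",
     "status": 200, "location": None, "shown_user": "alice"},
    {"step": "reload", "url": "https://my.sunstone.server/",
     "status": 200, "location": None, "shown_user": "oneadmin"},
]


def downgrade_redirects(trace):
    """Redirects answered over HTTPS whose Location is an absolute http:// URL."""
    hits = []
    for rec in trace:
        loc = rec["location"]
        if loc and urlsplit(rec["url"]).scheme == "https" \
                and urlsplit(loc).scheme == "http":
            hits.append((rec["url"], loc))
    return hits


def identity_mismatches(trace):
    """Responses rendered for an account other than the one last logged in."""
    hits, expected = [], None
    for i, rec in enumerate(trace):
        if rec["step"] == "login":
            expected = rec["shown_user"]      # account the user signed in as
        elif rec["step"] == "logout":
            expected = None                   # nothing may be shown after this
        elif rec["shown_user"] != expected:
            hits.append((i, expected, rec["shown_user"]))
    return hits


if __name__ == "__main__":
    for url, loc in downgrade_redirects(TRACE):
        print(f"scheme downgrade: {url} -> {loc}")
    for i, want, got in identity_mismatches(TRACE):
        print(f"record {i}: signed in as {want!r}, page rendered for {got!r}")
```

A server-relative `Location` such as `/login` has no scheme and is not flagged by the first check.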

#6 Updated by Juan Jose Montiel Cano over 3 years ago

  • % Done changed from 0 to 100

#7 Updated by Tino Vázquez over 3 years ago

  • Status changed from Pending to Closed
  • Resolution set to invalid

Cannot reliably reproduce the problem.
