Sign out may not close the session
Assignee: Juan Jose Montiel Cano
Target version: Release 5.4
Affected Versions: OpenNebula 5.0
Reported in the forum:
#1 Updated by Jan "Yenya" Kasprzak about 4 years ago
I have just upgraded to 5.2, and the problem can still be reproduced there. Moreover, on two occasions I have been redirected to http://my.sunstone.server/ (I run Sunstone on HTTPS only, https://my.sunstone.server/), so there is probably an absolute URL redirection somewhere in Sunstone, using hard-coded HTTP instead of a server-relative one.
#5 Updated by Jan "Yenya" Kasprzak almost 4 years ago
Juan Jose Montiel Cano wrote:
can you give me more details on the steps you have to perform?
I cannot reproduce it reliably, but it is something like this:
- make Sunstone accessible only via https, not http
- open https://my.sunstone.server/ (login form should be displayed)
- log in as oneadmin (oneadmin's dashboard should be displayed)
- click on the "oneadmin" near the top right corner, select "Sign out"
--- here I sometimes get the "Unable to connect" browser page, because my Sunstone server is accessible via HTTPS only, and the Sign out button points me to the http URL instead of https.
--- sometimes, however, I am apparently logged out, the login form is displayed, and the URL is https://my.sunstone.server/login (note the /login suffix)
- log in as an ordinary user (the user's dashboard should be displayed)
- press "reload" in the browser, or click in the URL bar and press enter
--- here my Sunstone displays oneadmin's dashboard instead of the user's dashboard, which means oneadmin has not been correctly logged out in the first place. Further clicking into the Sunstone interface displays other data accessible by oneadmin only (list of all VMs, infrastructure tab, etc.)
Can you reproduce it with this description? If not, what other debugging info can I provide?
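
The two symptoms in the steps above (a sign-out redirect that leaves HTTPS, and a reload that shows the previous account) can be checked mechanically over a recorded session. This is an added example, not part of the original report and not Sunstone code; the trace format, its field names and the `user1` account are assumptions, and both traces are constructed.

```python
from urllib.parse import urljoin, urlsplit

def redirect_downgrades(request_url, location):
    """True if a redirect answered over HTTPS resolves to a non-HTTPS URL."""
    if not location:
        return False
    # A server-relative Location ("/login") inherits the request's scheme.
    target = urlsplit(urljoin(request_url, location))
    return urlsplit(request_url).scheme == "https" and target.scheme != "https"

def audit(trace):
    """Return (index, finding) pairs for the two symptoms in the report."""
    findings = []
    expected_user = None  # account that should be logged in at this point
    for i, ex in enumerate(trace):
        if redirect_downgrades(ex["url"], ex.get("location")):
            findings.append((i, "scheme-downgrade"))
        if ex["step"] == "login":
            expected_user = ex["user"]
        elif ex["step"] == "signout":
            expected_user = None
        elif ex["step"] == "reload" and ex["shown_user"] != expected_user:
            findings.append((i, "stale-session"))
    return findings

BASE = "https://my.sunstone.server/"

# Constructed trace combining both reported symptoms in one session.
BAD_TRACE = [
    {"step": "login", "url": BASE, "user": "oneadmin"},
    {"step": "signout", "url": BASE, "location": "http://my.sunstone.server/"},
    {"step": "login", "url": BASE, "user": "user1"},
    {"step": "reload", "url": BASE, "shown_user": "oneadmin"},
]

# Constructed trace of the expected behaviour: relative redirect, correct account.
GOOD_TRACE = [
    {"step": "login", "url": BASE, "user": "oneadmin"},
    {"step": "signout", "url": BASE, "location": "/login"},
    {"step": "login", "url": BASE, "user": "user1"},
    {"step": "reload", "url": BASE, "shown_user": "user1"},
]

if __name__ == "__main__":
    print(audit(BAD_TRACE))
    print(audit(GOOD_TRACE))
```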