Bug #49803

mgr/dashboard: validate/fix behaviour of JWT cookie after expiration

Added by Ernesto Puerta about 1 month ago. Updated 6 days ago.

Status: Can't reproduce
Priority: High
Assignee:
Category: dashboard/auth-sso
Target version:
% Done: 0%
Source: Q/A
Tags:
Backport: pacific,octopus,nautilus
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Description of problem

With the recent change to Secure cookies, it's been observed that the browser cookies need to be manually cleared from time to time (e.g.: after a new dashboard is deployed), so the question is whether the current behaviour is correct: we should verify that with the JWT token expiration (TTL).

How reproducible

This should be tested by setting a very low JWT TTL: ceph dashboard set-jwt-token-ttl 120 (seconds).

After 2 minutes logged in, the cookie/JWT should expire and the user should be logged off.

The log-in shouldn't require manually deleting the cookie: it should be a regular log-in operation.

History

#1 Updated by Avan Thakkar about 1 month ago

I tried the reproducing steps and I was logged out after 120s, so there doesn't seem to be any issue here.

#2 Updated by Avan Thakkar about 1 month ago

  • Status changed from In Progress to Can't reproduce

#3 Updated by Ernesto Puerta 6 days ago

  • Project changed from mgr to Dashboard
  • Category changed from dashboard/auth-sso to dashboard/auth-sso
