[katello-devel] Session expiration in Katello
Bryan Kearney
bkearney at redhat.com
Thu May 16 12:23:58 UTC 2013
On 05/16/2013 06:53 AM, Marek Hulan wrote:
> Hello
>
> I'm working on new session expirations behavior related to Signo. On katello
> side there's not really a nice way to solve this problem. There's a cookie
> with expiration time set so when it expires, browser throws it away and when
> user tries to access some page, SecurityException is thrown (in require_org
> before_filter) that is catched later and user is redirected to login page
> without any notice nor warning.
>
> In this case we have no clue whether user was not logged in when he was
> accessing that protected page or whether his session expired so we cannot
> display any message to him. And the exceptions is logged every time to
> production.log with full backtrace. This does not seem as a good way to me.
>
> On the other hand on foreman implementation, we store expiration time directly
> into a session and we check for this timestamp in every request. This allows
> us to react accordingly and display a proper message.
>
> Would it be worth adding it to backlog and improve it in future? I like the
> "foreman" way. Comments? (+1 / -1 will do I think)
>
> *TL;DR*: if noone objects, I'd like to add a story to backlog "As a Katello
> user I'd like to see a warning when my session expires"
>
ack.. add the feature to the katello side so we can improve signo
integration.
-- bk
More information about the katello-devel
mailing list