Uploaded image for project: 'XNAT'
  1. XNAT
  2. XNAT-5924

Remove session timer reset on zip download

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.7.5.1
    • Fix Version/s: 1.7.5.2
    • Component/s: None
    • Sprint:
      1.7.5.2 Point release
    • Rank:
      0|ii1nj9:
    • Sprint:
      1.7.5.2 Point release

      Description

      To recreate:

      1. In your XNAT logs, watch the access.log:

        tail -f access.log

      2. Go to a small (MR) session in XNAT.
      3. Download the session with option 2 (zip download).
      4. Even though the session finishes downloading quickly, the session timer continues to get reset every minute.

      Consequences:

      1. Users aren't getting logged out properly.
      2. Authentication session stays open, causing issues with the proxy in production.

      Since this ping shouldn't even have really been necessary to make the zip download work in the first place, can we just remove it?

      A small aside, you can even recreate the behavior Jenny is seeing on CNDA by restarting tomcat after a couple of calls from the browser to refresh the session:

      2019-01-23 18:28:30,015 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:29:29,052 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:31:22,754 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:31:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:32:29,053 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:33:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:34:29,057 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:35:29,054 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      

      Note that after tomcat has restarted, the user has switched from admin to guest, because the JSESSIONID is no longer valid.

        Activity

        Hide
        markflorida@wustl.edu Mark Florida added a comment -

        Ping removed.

        Show
        markflorida@wustl.edu Mark Florida added a comment - Ping removed.

          People

          • Assignee:
            moore.c@wustl.edu Charlie Moore
            Reporter:
            moore.c@wustl.edu Charlie Moore
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Agile