Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 1.7.5.1
-
Fix Version/s: 1.7.5.2
-
Component/s: None
-
Labels:
-
Sprint:1.7.5.2 Point release
-
Rank:0|ii1nj9:
-
Sprint:1.7.5.2 Point release
Description
To recreate:
- In your XNAT logs, watch the access.log:
tail -f access.log
- Go to a small (MR) session in XNAT.
- Download the session with option 2 (zip download).
- Even though the session finishes downloading quickly, the session timer continues to get reset every minute.
Consequences:
- Users aren't getting logged out properly.
- Authentication session stays open, causing issues with the proxy in production.
Since this ping shouldn't even have really been necessary to make the zip download work in the first place, can we just remove it?
—
A small aside, you can even recreate the behavior Jenny is seeing on CNDA by restarting tomcat after a couple of calls from the browser to refresh the session:
2019-01-23 18:28:30,015 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:29:29,052 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:31:22,754 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:31:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:32:29,053 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:33:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:34:29,057 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
2019-01-23 18:35:29,054 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
|
Note that after tomcat has restarted, the user has switched from admin to guest, because the JSESSIONID is no longer valid.
Ping removed.