XNAT-5924: Remove session timer reset on zip download

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.7.5.1
    • Fix Version/s: 1.7.5.2
    • Component/s: None
    • Sprint:
      1.7.5.2 Point release

      Description

      To recreate:

      1. In your XNAT logs, watch the access.log:

        tail -f access.log

      2. Go to a small (MR) session in XNAT.
      3. Download the session with option 2 (zip download).
      4. Even though the session finishes downloading quickly, the session timer continues to get reset every minute.

      Consequences:

      1. Users aren't getting logged out properly.
      2. Authentication session stays open, causing issues with the proxy in production.

      Since this ping shouldn't even have really been necessary to make the zip download work in the first place, can we just remove it?

      A small aside, you can even recreate the behavior Jenny is seeing on CNDA by restarting tomcat after a couple of calls from the browser to refresh the session:

      2019-01-23 18:28:30,015 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:29:29,052 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:31:22,754 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:31:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:32:29,053 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:33:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:34:29,057 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      2019-01-23 18:35:29,054 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
      

      Note that after tomcat has restarted, the user has switched from admin to guest, because the JSESSIONID is no longer valid.
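Added example, not part of the original report or of XNAT's code: a check over the access.log lines quoted above that flags a client still polling the same URL at a fixed interval and reports where that client's logged user changes (here `admin` to `guest`). The field layout is inferred from those lines; grouping by client IP, the 60-second period, the 2-second tolerance and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Access-log lines quoted in the issue description (not constructed).
ACCESS_LOG = """\
2019-01-23 18:28:30,015 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:29:29,052 - admin 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:31:22,754 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:31:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:32:29,053 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:33:29,055 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:34:29,057 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
2019-01-23 18:35:29,054 - guest 10.1.100.1 GET http://10.1.100.17/xapi/siteConfig/buildInfo
"""
# Field layout assumed from those lines: timestamp - user client_ip method url
LINE = re.compile(r"^(\S+ \S+) - (\S+) (\S+) (\S+) (\S+)$")

def parse(log):
    """Yield (timestamp, user, client_ip, method, url) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            yield (ts,) + m.groups()[1:]

def periodic_pings(log, period=60.0, tol=2.0, min_run=3):
    """Map (client_ip, url) -> longest run of consecutive gaps within tol of period."""
    last, run, best = {}, defaultdict(int), defaultdict(int)
    for ts, _user, ip, _method, url in parse(log):
        key = (ip, url)
        if key in last:
            gap = (ts - last[key]).total_seconds()
            run[key] = run[key] + 1 if abs(gap - period) <= tol else 0
            best[key] = max(best[key], run[key])
        last[key] = ts
    return {k: n for k, n in best.items() if n >= min_run}

def user_switches(log):
    """List (timestamp, client_ip, old_user, new_user) where a client's user changes."""
    seen, out = {}, []
    for ts, user, ip, _method, _url in parse(log):
        if ip in seen and seen[ip] != user:
            out.append((ts, ip, seen[ip], user))
        seen[ip] = user
    return out

if __name__ == "__main__":
    print(periodic_pings(ACCESS_LOG), user_switches(ACCESS_LOG))
```
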

        Activity

        moore.c@wustl.edu Charlie Moore created issue -
        moore.c@wustl.edu Charlie Moore made changes -
        Field Original Value New Value
        moore.c@wustl.edu Charlie Moore made changes -
        Priority Critical [ 2 ] Blocker [ 1 ]
        jrherrick@wustl.edu Rick Herrick made changes -
        Attachment XNAT-5898.diff [ 20621 ]
        jrherrick@wustl.edu Rick Herrick made changes -
        Comment [ The [^XNAT-5898.diff] diff can be applied to the develop branch of [xdat|https://bitbucket.org/xnatdev/xdat] to produce a version of XDAT core that works properly with PostgreSQL 10 and later, or at least seems to but it hasn't been robustly tested yet. Creating projects, subjects, sessions, and users all works fine. ]
        moore.c@wustl.edu Charlie Moore made changes -
        Labels cnda-interest
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Assignee Mark Florida [ mflori01 ]
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Labels cnda-interest cnda-interest fix-asap
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Rank Ranked higher
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Rank Ranked lower
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Rank Ranked higher
        markflorida@wustl.edu Mark Florida made changes -
        Resolution Fixed [ 1 ]
        Assignee Mark Florida [ mflori01 ] Charlie Moore [ cmoore01 ]
        Status Open [ 1 ] Resolved [ 5 ]
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Sprint 1.7.5.2 Point release [ 135 ]
        moore.stephen.m@wustl.edu Steve Moore made changes -
        Fix Version/s 1.7.5.2 [ 14722 ]
        moore.c@wustl.edu Charlie Moore made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            moore.c@wustl.edu Charlie Moore
            Reporter:
            moore.c@wustl.edu Charlie Moore