[Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.
Petr Vobornik
pvoborni at redhat.com
Mon May 4 12:10:52 UTC 2015
On 05/04/2015 07:53 AM, Petr Spacek wrote:
> On 30.4.2015 14:39, Christopher Lamb wrote:
>> Hi Petr
>>
>> Thanks, we solved this issue and reported that back on this thread. The
>> troubleshooting guide has even been updated as a result.
>>
>> https://www.redhat.com/archives/freeipa-users/2015-April/msg00605.html
>>
>> Your suggestion has however hit the nail on the head - the problem was
>> clock skew between the Server hosting freeIPA and the workstations.
>
> Petr, could we detect this situation in initial Javascript?
>
> I can imagine that server sends its current UTC time to the browser while
> login page is loading and then client could compare (local UTC) - (server UTC)
> and scream if time difference is greater than ... 5 minutes or so?
>
I think it's possible.
Server sends HTTP response date header[1] with format [2].
In browser:
var date = new Date(xhr.getResponseHeader('Date'));
var diff = Date.now() - date.getTime();
var minutes = diff / 1000 / 60;
new ticket: https://fedorahosted.org/freeipa/ticket/5015
[1] https://tools.ietf.org/html/rfc2616#section-14.18
[2] https://tools.ietf.org/html/rfc2616#section-3.3.1
--
Petr Vobornik
More information about the Freeipa-users
mailing list