[katello-devel] Session expiration in Katello

Marek Hulan mhulan at redhat.com
Thu May 16 10:53:01 UTC 2013


Hello

I'm working on new session expiration behavior related to Signo. On the Katello 
side there's not really a nice way to solve this problem. There's a cookie 
with an expiration time set, so when it expires the browser throws it away, and 
when the user tries to access some page, a SecurityException is thrown (in the 
require_org before_filter) that is caught later, and the user is redirected to 
the login page without any notice or warning.

In this case we have no clue whether the user was not logged in when he was 
accessing that protected page or whether his session expired, so we cannot 
display any message to him. And the exception is logged every time to 
production.log with a full backtrace. This does not seem like a good way to me.

On the other hand, in the Foreman implementation, we store the expiration time 
directly in the session and we check this timestamp on every request. This 
allows us to react accordingly and display a proper message.

Would it be worth adding it to the backlog and improving it in the future? I 
like the "foreman" way. Comments? (+1 / -1 will do I think)

*TL;DR*: if no one objects, I'd like to add a story to the backlog "As a Katello 
user I'd like to see a warning when my session expires"

-- 
Marek
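
An added example, not part of the original message and not Katello or Foreman code: a minimal sketch of the approach the message describes, where the expiration timestamp lives inside the session and is checked on every request, so an expired session can be told apart from a visitor who never logged in. SessionExpiry, the session keys, the notice text and the 3600-second timeout are hypothetical, and the session is assumed to be kept server-side or integrity-protected so the client cannot change the timestamp.

```ruby
# Added illustration; SessionExpiry, :expires_at, :user_id and the 3600-second
# timeout are hypothetical names and values, not Katello or Foreman code.
module SessionExpiry
  TIMEOUT = 3600 # seconds of allowed inactivity (assumed value)

  # Classify the request and update the session in place.
  # Returns :active, :expired or :anonymous.
  def self.check!(session, now = Time.now)
    return :anonymous unless session[:user_id]

    expires_at = session[:expires_at]
    # A missing or non-integer timestamp is treated as expired (fail closed).
    if !expires_at.is_a?(Integer) || now.to_i >= expires_at
      session.clear # drop the stale identity before redirecting to login
      session[:notice] = 'Your session has expired, please log in again'
      return :expired
    end

    session[:expires_at] = now.to_i + TIMEOUT # sliding renewal on activity
    :active
  end

  # Called once after successful authentication.
  def self.start!(session, user_id, now = Time.now)
    session.clear
    session[:user_id] = user_id
    session[:expires_at] = now.to_i + TIMEOUT
  end
end

# Constructed walk-through with a plain Hash standing in for the session store.
def demo
  t0 = Time.at(1_368_701_581) # constructed timestamp
  session = {}
  results = [SessionExpiry.check!(session, t0)]              # never logged in
  SessionExpiry.start!(session, 42, t0)
  results << SessionExpiry.check!(session, t0 + 1800)        # active, renewed
  results << SessionExpiry.check!(session, t0 + 1800 + 3600) # timed out
  results << SessionExpiry.check!(session, t0 + 1800 + 3601) # anonymous again
  [results, session[:notice]]
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the expired case returns its own value instead of raising, the caller can show the notice on the login page and log one short line rather than a full backtrace.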



