[katello-devel] Session expiration in Katello
Marek Hulan
mhulan at redhat.com
Thu May 16 10:53:01 UTC 2013
Hello
I'm working on new session expirations behavior related to Signo. On katello
side there's not really a nice way to solve this problem. There's a cookie
with expiration time set so when it expires, browser throws it away and when
user tries to access some page, SecurityException is thrown (in require_org
before_filter) that is catched later and user is redirected to login page
without any notice nor warning.
In this case we have no clue whether user was not logged in when he was
accessing that protected page or whether his session expired so we cannot
display any message to him. And the exceptions is logged every time to
production.log with full backtrace. This does not seem as a good way to me.
On the other hand on foreman implementation, we store expiration time directly
into a session and we check for this timestamp in every request. This allows
us to react accordingly and display a proper message.
Would it be worth adding it to backlog and improve it in future? I like the
"foreman" way. Comments? (+1 / -1 will do I think)
*TL;DR*: if noone objects, I'd like to add a story to backlog "As a Katello
user I'd like to see a warning when my session expires"
--
Marek
More information about the katello-devel
mailing list