search

apache / dolphinscheduler

Apache DolphinScheduler is the modern data orchestration platform. Agile to create high performance workflow with low-code
https://dolphinscheduler.apache.org/
Apache License 2.0
12.88k stars 4.63k forks source link

[Bug] [dolphinscheduler-api] LoginHandlerInterceptor.preHandle check session without expire time check #16627

Open GOODBOY008 opened 2 months ago

GOODBOY008 commented 2 months ago

Search before asking

What happened

LoginHandlerInterceptor.preHandle check session without expire time check.

https://github.com/apache/dolphinscheduler/blob/dev/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/interceptor/LoginHandlerInterceptor.java#L71-L77

What you expected to happen

LoginHandlerInterceptor.preHandle should check session expire time.

How to reproduce

Login dolphinscheduler and you can always access the web-ui.

Anything else

No response

Version

dev

Are you willing to submit PR?

Code of Conduct

GOODBOY008 commented 2 months ago

@ruanwenjun PTAL ,Thank you ~

SbloodyS commented 2 months ago

Session expired time is 7200 seconds by default. It not a bug.

GOODBOY008 commented 2 months ago

Session expired time is 7200 seconds by default. It not a bug.

@SbloodyS But there is no check session expired logic in LoginHandlerInterceptor . I tried this on my local environment, logged into DS, and was still able to operate DS the next day.

SbloodyS commented 2 months ago

After a closer look at the dev branch reveals that the bug does exist.