certat / do-portal

This project is in maintenance mode and will only receive bug fixes, but no new features. A new version of this software is being developed.

Strange behaviour after idle time #64

Closed certrik closed 4 years ago

certrik commented 5 years ago

[image: logout_behaviour]

After being idle for approx. 15 minutes at /#!/user_list and going back to /#!/organization_list, the list of organizations is shown. Trying to go to /#!/account, an "unauthorized" error is thrown and you are at the login page. I assume that going to any other page different from /#!/account would have thrown the same error and results.

davewood commented 5 years ago

Session timeout, probably.

certrik commented 5 years ago

Well, probably true. But why can I still access /#!/organization_list after the timeout?

davewood commented 5 years ago

Currently set to 30 minutes in config.py:

PERMANENT_SESSION_LIFETIME = timedelta(minutes=30)

davewood commented 5 years ago

Did you click the back button of your browser or click the 'Organizations' link?

MarkHofstetter commented 5 years ago

Session timeout handling is implemented rather strangely at the moment; some improvements have to be made there anyway.

certrik commented 5 years ago

I have clicked the 'Organizations' link.

davewood commented 5 years ago

I'm testing the displaying of the organizations list after the session timed out; I guess it's just a cached view.

davewood commented 5 years ago

Doesn't seem to be a cache issue.

MarkHofstetter commented 5 years ago

Could not reproduce locally, going to diff configs.

davewood commented 5 years ago

On my local installation I'm not logged out after 30 minutes either.

certrik commented 5 years ago

Any new information regarding this issue?

davewood commented 5 years ago

I tried again on our staging env, waited 18 minutes and nothing of importance happened. No timeout, no error, no warning, it just kept working.

MarkHofstetter commented 5 years ago

I was twice as diligent as David and waited 36 minutes for nothing to happen.

davewood commented 5 years ago

Left my computer running and the page open in my browser, clicked the organizations link and the login page appeared.

davewood commented 5 years ago

So far the behaviour (as observed by Mark and me) is as expected. If you still experience the bug, please check what's actually happening. Especially which requests are sent and the responses are of significance.

certrik commented 5 years ago

[image]

There are approximately two hours between the actions in the green box. The actions in the blue box are done within a minute. What can you see? I log in. Click on an organisation. Wait two hours. Click on the link "Organizations" to /#!/organization_list. The page is loaded. Try to click another organisation in the list. Redirected to the login page. Why is /#!/organization_list still loaded after two hours of login and I am not directly redirected to the login page, as my login has apparently timed out?

davewood commented 5 years ago

This time I created a new non-admin user and waited 5 hours in between requests. When I clicked the "organizations" link I immediately got an HTTP 401 and a red "unauthorized" notification from the app.

davewood commented 5 years ago

Let's turn on logging and try to reproduce simultaneously at the start of next week.

ghost commented 5 years ago

I see the same behavior sometimes btw