Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: guest22 on August 09, 2016, 08:42:13 AM

Title: Server manager time-out?
Post by: guest22 on August 09, 2016, 08:42:13 AM

Is there a (new) time out in server manager? I experience a time out where I am redirected to the login page of Server Manager.

Title: Re: Server manager time-out?
Post by: Jean-Philippe Pialasse on August 09, 2016, 08:49:23 AM

there have been a 5 min timeout since the implementation of TKTAuth, except it was broken (not declared at the right place) TKTAuth is pretty complicated as you have to declare variables in apache conf file, tkt conf file and the login page, and some only work at one place.

it will reset the counter everytime you reload the page, if the counter is at least half done. Which is the default behaviour but could be adjusted, to never reset or to reset whatever is its status.


Some will find 5 min is already too long to be secure. To my experience I would say that the 5 min could be a little too short for some people, if you feel the same, you can feel a NFR to be able to change the default timeout value.

Title: Re: Server manager time-out?
Post by: guest22 on August 09, 2016, 08:53:35 AM

So IS it broken or WAS it broken? Against what package should I file a NFR pls?

Title: Re: Server manager time-out?
Post by: Jean-Philippe Pialasse on August 09, 2016, 08:59:13 AM

Quote from: guest22 on August 09, 2016, 08:53:35 AM

So IS it broken or WAS it broken? Against what package should I file a NFR pls?

it was broken. the count down was not occurring. Fixed it while fixed the https redirection.

the correct package for NFR is e-smith-manager as templates are in it.

Title: Re: Server manager time-out?
Post by: guest22 on August 15, 2016, 05:01:19 AM

Shouldn't this be documented somehow?

Title: Re: Server manager time-out?
Post by: Jean-Philippe Pialasse on August 15, 2016, 11:16:50 PM

Quote from: guest22 on August 15, 2016, 05:01:19 AM

Shouldn't this be documented somehow?

if we start adding a property to modify it, sure !

otherwise, it is basic security standard to avoid to leave a connection to an interface to manage a whole server to run forever.

Title: Re: Server manager time-out?
Post by: guest22 on August 15, 2016, 11:46:56 PM

Any chenge should be documented. TKauth changes are no where mentioned.

Title: Re: Server manager time-out?
Post by: CharlieBrady on August 16, 2016, 02:40:32 PM

Quote from: guest22 on August 15, 2016, 05:01:19 AM

Shouldn't this be documented somehow?

Yes, both the problem and the fix should have been recorded in the bug tracker, and in a changelog entry in the affected package.

Title: Re: Server manager time-out?
Post by: Stefano on August 16, 2016, 06:50:53 PM

JPP, can you post here the bug reference about https redirection you mentioned before?
thank you

Title: Re: Server manager time-out?
Post by: Jean-Philippe Pialasse on August 17, 2016, 12:33:58 AM

all documented here:
https://bugs.contribs.org/show_bug.cgi?id=8825


the change has been referenced in the changelog as "- update syntaxe for TKT Auth" for the wrongly used old syntax at the wrong spot  replaced by new syntax corresponding to the version we use.

Title: Re: Server manager time-out?
Post by: Jean-Philippe Pialasse on January 11, 2017, 05:37:01 AM

for your information, I am planning to work on this, if you have suggestions

https://bugs.contribs.org/show_bug.cgi?id=9921