Bug #2400
'Remeber me' with memcache breaks Sunstone login
| Status: | Closed | Start date: | 10/22/2013 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: |  Daniel Molina | % Done: | 100% | |
| Category: | Sunstone | |||
| Target version: | Release 4.4 | |||
| Resolution: | fixed | Pull request: | ||
| Affected Versions: | OpenNebula 4.2 |
Description
Not sure whether this is a misconfiguration on my part. With 'Keep me logged in' un-checked everything works, including sessions. Once it is checked, I cannot log into Sunstone.
Some debug info:
Login itself works as expected and session is set:
=====
{"user"=>"oneadmin", "user_id"=>"0", "user_gid"=>"0", "user_gname"=>"oneadmin", "ip"=>"<MY_IP>", "remember"=>"true"}
=====
Then env['rack.session.options'] is updated as follows:
=====
{:path=>"/", :domain=>nil, :expire_after=>2592000, :secure=>false, :httponly=>true, :defer=>false, :renew=>false, :sidbits=>128, :secure_random=>SecureRandom, :namespace=>"opennebula.sunstone", :memcache_server=>"localhost:11211"}
=====
and 204 is returned, that still looks OK.
But when #authorized? tries to do
=====
session[:ip] && session[:ip]==request.ip
=====
the whole session is empty (i.e. {}).
Associated revisions
bug #2400: Fix expiration time for mencache.
When the expiration time specified is 30 days or more in seconds, Memcache treats the expiration as an absolute date by converting the amount of seconds specified to a Unix epoch date. Be careful, because specifying 40 days in seconds will set the expiration to a time in 1970, which will yield unknown results.
bug #2400: Fix expiration time for mencache.
When the expiration time specified is 30 days or more in seconds, Memcache treats the expiration as an absolute date by converting the amount of seconds specified to a Unix epoch date. Be careful, because specifying 40 days in seconds will set the expiration to a time in 1970, which will yield unknown results.(cherry picked from commit 20831c763400221567d3119131c2311497c71808)
History
#1
Updated by Boris Parak over 7 years ago
Affected Version: OpenNebula 4.4 (master)
#2
Updated by Ruben S. Montero over 7 years ago
- Status changed from Pending to New
#3
Updated by Daniel Molina over 7 years ago
Hi Boris,
You found a bug. Could you try changing the following:
diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb
index 167bcdd..8b01324 100755
--- a/src/sunstone/sunstone-server.rb
+++ b/src/sunstone/sunstone-server.rb
@@ -202,7 +202,7 @@ helpers do
#end user options
if params[:remember] == "true"
- env['rack.session.options'][:expire_after] = 30*60*60*24
+ env['rack.session.options'][:expire_after] = 30*60*60*24-1
end
return [204, ""]
In sunstone when you click remember me, the expiration time is set to 30 days. And that's exactly the limit for memcache :).
When the expiration time specified is 30 days or more in seconds, Memcache treats the expiration as an absolute date by converting the amount of seconds specified to a Unix epoch date. Be careful, because specifying 40 days in seconds will set the expiration to a time in 1970, which will yield unknown results.
#4
Updated by Boris Parak over 7 years ago
Hi Daniel,
it works ... and I've just learned something new about Memcache! It's a win-win situation :)
Cheers
#5
Updated by Daniel Molina over 7 years ago
- Status changed from New to Closed
- Assignee set to Daniel Molina
- % Done changed from 0 to 100
- Resolution set to fixed
Great! I have uploaded the fix to master and one-4.2
Thank you for the feedback