Pre-bugfest env | User is not logged out when fixed session timeout expires

Description

Steps to reproduce:

  1. Login to https://pre-eureka-bugfest-ramsons-consortium.int.aws.folio.org/

  2. Go to “Users“ app

  3. Open any existing user record

  4. Wait until the fixed session timeout expires (1-2 hours; exact value can be found on “Session“ tab in Keycloak admin console for a given tenant)

  5. Wait until timer in the fixed session timeout message (below the top navigation bar) reaches 00:00

Expected result: User is logged out. Login screen is shown.

Actual result: User remains logged in. The same page is opened as before timeout expiration. Fixed session timeout message remains shown.

Additional information:

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Attachments

6

Checklist

hide

Activity

Show:

Yauhen Viazau December 6, 2024 at 7:33 AM

- please set the RCA group

Yauhen Viazau December 6, 2024 at 7:32 AM

Closing the ticket as Zak suggested.
cc:

Zak Burke December 5, 2024 at 9:15 PM

, we have not identified steps that consistently reproduce this behavior. When I did reproduce it, I noted several distinct issues. At least one of them (the NPE in loginServices) was resolved and released in v10.2.4.

The failed logout request related to remains, but is not really a big deal because the cookie and the keycloak session self-destruct at the same moment. When the cookie is valid, you can use it destroy the session early by calling logout(). Here, we’re calling logout() a bit too late, just after the cookie has self-destructed. That seems like a problem – we see that 422 response – but really it’s no big deal and amounts to “you didn’t have credentials to destroy a session that had already self-destructed”.

I think we can close this ticket as done given that we have resolved the NPE, and this other problem is not really a problem. Sound good, ?

Yauhen Viazau December 5, 2024 at 2:16 PM
Edited

The ticket was moved to Blocked/Questionable due to the details described in my previous comment. So that could review.

Denis December 5, 2024 at 1:38 PM

Hi , I see the ticket status as Blocked. Do you happen to know the reason? Or this could be accidentally added/not removed? And do we know the fix version if that is Done/Closed?
cc

Done

Details

Assignee

Reporter

Priority

Story Points

Sprint

Development Team

Eureka

Fix versions

Release

Ramsons (R2 2024) Bug Fix

RCA Group

Implementation coding issue

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created November 1, 2024 at 11:49 AM
Updated February 25, 2025 at 2:24 AM
Resolved December 3, 2024 at 10:32 AM
TestRail: Cases
TestRail: Runs