[horde] Horde portal not returning to login screen when session expires

Discussion:

Patrick Boutilier

2013-07-22 16:26:23 UTC

Horde 5.1.2 with IMP 6.1.3 using IMP authentication.

When your session times out the portal does not redirect the user to the
login page. When the portal refreshes and there is a Mailbox Summary
block in the portal the block displays:

/*-secure-{"msgs":[{"message":"\/services\/ajax.php\/horde\/login.php?url=%2Fservices%2Fajax.php%2Fhorde%2F&horde_logout_token=-_ixwNiJtWeLNjyixq6wtg1&logout_reason=6","type":"horde.ajaxtimeout"}],"response":false}*/

If you then click the horde word to bring up /services/portal again the
rest of the blocks give errors like "User is not authorized for imp",
"User is not authorized for nag" , etc...

Clicking the logout button does return to login screen.

Quickest way to test this is to set $conf['session']['timeout'] to a
real low number such as 30 seconds and let your login session expire.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: boutilpj.vcf
Type: text/x-vcard
Size: 286 bytes
Desc: not available
URL: <http://lists.horde.org/archives/horde/attachments/20130722/67790a74/attachment.vcf>

Michael M Slusarz

2013-07-22 19:50:27 UTC

Permalink

Post by Patrick Boutilier
Horde 5.1.2 with IMP 6.1.3 using IMP authentication.
When your session times out the portal does not redirect the user to
the login page. When the portal refreshes and there is a Mailbox
/*-secure-{"msgs":[{"message":"\/services\/ajax.php\/horde\/login.php?url=%2Fservices%2Fajax.php%2Fhorde%2F&horde_logout_token=-_ixwNiJtWeLNjyixq6wtg1&logout_reason=6","type":"horde.ajaxtimeout"}],"response":false}*/

This is correct. Blocks can't automatically log a user out because
they are being updated on a "dumb" basis - all they do is update HTML
content by whatever is passed back.

To have this work correctly, someone will need to rewrite the block
updating code to instead handle the Horde-specific AJAX responses
(i.e. send requests using HordeCore.doAction()) - so that any session
timeouts will be properly handled.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]

Michael J Rubinsky

2013-07-22 20:15:24 UTC

Permalink

Post by Michael M Slusarz

Post by Patrick Boutilier
Horde 5.1.2 with IMP 6.1.3 using IMP authentication.
When your session times out the portal does not redirect the user
to the login page. When the portal refreshes and there is a Mailbox
/*-secure-{"msgs":[{"message":"\/services\/ajax.php\/horde\/login.php?url=%2Fservices%2Fajax.php%2Fhorde%2F&horde_logout_token=-_ixwNiJtWeLNjyixq6wtg1&logout_reason=6","type":"horde.ajaxtimeout"}],"response":false}*/

This is correct. Blocks can't automatically log a user out because
they are being updated on a "dumb" basis - all they do is update
HTML content by whatever is passed back.
To have this work correctly, someone will need to rewrite the block
updating code to instead handle the Horde-specific AJAX responses
(i.e. send requests using HordeCore.doAction()) - so that any
session timeouts will be properly handled.

http://bugs.horde.org/ticket/11942
--
mike

The Horde Project (www.horde.org)
mrubinsk at horde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 2200 bytes
Desc: PGP Public Key
URL: <http://lists.horde.org/archives/horde/attachments/20130722/6384ceef/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6062 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/horde/attachments/20130722/6384ceef/attachment-0003.bin>