Bug #2015
redmine/gerrit authentication expires too often/frequently
Start date:
04/20/2017
Due date:
% Done:
0%
Spec Reference:
Description
From an e-mail by Sylvain:
I'm not sure if it's just me or if I'm using it wrong but I'm always annoyed when I have to login to gerrit ... 1) I shouldn't be logged out at all ... it's not a high security stuff that session should be kept open for a long time, like > 1 week without issues ... 2) I have to retype the openid login url. I mean there is a login with Yahoo and login with Launchpad Id dedicated link, isn't there a way to add, "login with your osmocom redmine account" link ? 3) Then I'm redirected to redmine, where I have to login as well, because again for some reason I've been logged out. Same comment as above, unless I explicitely log out, that session should last for ever pretty much ... 4) When I then login to redmine, I get redirected to the OpenID end point but at this point the "open id state" or whatever has been lost and so I need to go back to gerrit and re-do the whole login process so it can do it in one go without being interrupted by the redmine login process and finally log me into gerrit ... I can assure you I gave up on the whole process more than one time .... Cheers, Sylvain
Let's track in this ticket only the question why the authentication expires that frequently.
History
#1 Updated by zecke about 1 year ago
Yes, unfortunately I have seen all of these. Will look at it during OsmoDevCon.
- Gerrit should cache the log-in for months. I suspect the OpenID "token" holds an expiry as well. Need to learn/investigate it
- Button. Yes, but then we permanently need to rebase/patch it. But true
- I need to figure out if redmine can keep the info after the redirect..
#2 Updated by neels about 1 year ago
In the redmine admin, I see an "Autologin: disabled" item that can be set to 1, 7, 30 or 365 days. I set it to 30 days to see whether it helps.
Also there's a "Session maximum lifetime" set do disabled, assuming that that means there is no expiration.
#3 Updated by zecke about 1 year ago
- Status changed from New to In Progress
- I don't see an expiration handling in the OpenID gerrit code => not sure what to do. But "rememberme" seems to have an effect
- I have added an "Osmocom Login button" to the page.
Going to continue to look at how to improve it.