My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 286: Session expires when many tabs are open to gerrit
  Back to list
Status:  Released
Owner:  sop+code@google.com
Closed:  Oct 2012


Sign in to add a comment
 
Reported by sop+code@google.com, Sep 29, 2009
Affected Version: 2.0.22

What steps will reproduce the problem?
1. Login to a Gerrit server.
2. Open many tabs to the same Gerrit server.
2. Get one of the tabs to change cookie, e.g. by doing a sign-in again.
3. Go to another tab, the session will fail, and ask you to sign-in again.
4. Go back to the prior tab, its session will fail, and ask you to sign-in.

What is the expected output? What do you see instead?
Correctly reuse the existing tabs.


The issue is being caused by the JSON-RPC client library caching the cookie 
in the JavaScript global variables and replaying that to the server as part
of the POST body in the xsrfKey field.  The server requires that the value 
of xsrfKey matches the cookie.  If the cookie change, not all tabs will get
notified and they won't update the global they use to seed xsrfKey.  On the
next request the tab will get a session error because the xsrfKey doesn't
match the cookie presented.

Instead we need JSON-RPC to pull the xsrfKey from a cookie on the fly and
not be using a global variable.
Sep 29, 2009
#1 sop+code@google.com
Fixed by Ic94ae6bb61325a7b01e12b43e844ceabc5c817b1
Status: Fixed
Labels: FixedIn-2.0.23
Oct 21, 2012
#2 sop@google.com
(No comment was entered for this change.)
Status: Released
Sign in to add a comment

Powered by Google Project Hosting