| Issue 286: | Session expires when many tabs are open to gerrit | |
| Back to list |
Affected Version: 2.0.22 What steps will reproduce the problem? 1. Login to a Gerrit server. 2. Open many tabs to the same Gerrit server. 2. Get one of the tabs to change cookie, e.g. by doing a sign-in again. 3. Go to another tab, the session will fail, and ask you to sign-in again. 4. Go back to the prior tab, its session will fail, and ask you to sign-in. What is the expected output? What do you see instead? Correctly reuse the existing tabs. The issue is being caused by the JSON-RPC client library caching the cookie in the JavaScript global variables and replaying that to the server as part of the POST body in the xsrfKey field. The server requires that the value of xsrfKey matches the cookie. If the cookie change, not all tabs will get notified and they won't update the global they use to seed xsrfKey. On the next request the tab will get a session error because the xsrfKey doesn't match the cookie presented. Instead we need JSON-RPC to pull the xsrfKey from a cookie on the fly and not be using a global variable.
Oct 21, 2012
(No comment was entered for this change.)
Status:
Released
|
|
| ► Sign in to add a comment |
Labels: FixedIn-2.0.23