VS Portal Session does not expire if page is closed

Question

VS Portal Session does not expire if page is closed

bschlaman opened this issue 3 years ago · comments

TL;DR

While having the VS portal UI open, the session will expire after SESSION_IDLE_TIMEOUT minutes of inactivity (20 min default). However, if the page is closed, the session seems to remain active for an indefinite amount of time.

Expected behavior
When navigating to the portal after it was closed out for more than 20 min, the user should be prompted to log in again.

Observed behavior
The login screen flashes for a moment, and the user is automatically logged in.

Reproduction

Log in normally
Close out of the portal
Wait >20min (can be overnight)
Navigate to the login page, user is automatically logged in

Environment

OS: Windows, Linux
Browser: Chrome, Chromium

Additional information
Not sure if this happens every time or just some of the time.

Mike Helmick · Answer 1 · Fri Feb 05 2021 01:57:55 GMT+0800 (China Standard Time)

/assign @whaught

Weston Haught · Answer 2 · Fri Feb 05 2021 02:10:07 GMT+0800 (China Standard Time)

I don't believe the session will remain active indefinitely - SESSION_DURATION sets the ttl to 20h by default. Let me check to see if we're bumping activity on the session before doing the idle check

Brendan Schlaman · Answer 3 · Fri Feb 05 2021 02:23:42 GMT+0800 (China Standard Time)

I'm pretty sure this has happened with time >20hrs, although I can't confirm that for sure. I closed out of a session earlier today, so I'll test this tomorrow after 20hrs have passed.