New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

conversation_error, 30 mins of inactivity #1029

Closed
natt-tester opened this Issue Jul 3, 2018 · 15 comments

Comments

Projects
None yet
5 participants
@natt-tester

natt-tester commented Jul 3, 2018

Steps:

  1. Log in
  2. Click on the menu icon several times
  3. Try to change the language to Russian

Expected: The language can be changed.
Actual: There is an error message: "Oops
The form was removed after 30 minutes of inactivity
Return to the application using below button."

2018-07-03_21h54_25

(I don't have access to the logs.)

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Jul 4, 2018

@natt-tester i'm unable to reproduce it. Btw, during my work the page above often shows up.

Can you provide more context?

@natt-tester

This comment has been minimized.

natt-tester commented Jul 5, 2018

@syntrydy I caught it again and got the logs. It seems quite random, I'm afraid, but maybe the logs will show why this happens:

oxtrust.log

@jgomer2001

This comment has been minimized.

Contributor

jgomer2001 commented Jul 20, 2018

I also get that page randomly in 3.1.3 installations

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Aug 30, 2018

I haven't saw such behavior in 3.1.4

@natt-tester natt-tester added this to the 3.1.4 milestone Sep 19, 2018

@natt-tester natt-tester changed the title from conversation_error on https://ce-dev6.gluu.org to conversation_error Sep 19, 2018

@natt-tester natt-tester changed the title from conversation_error to conversation_error, 30 mins of inactivity Sep 19, 2018

@natt-tester

This comment has been minimized.

natt-tester commented Sep 19, 2018

Turns out this behavior is easily reproducible in RC5:

  1. Log in to the oxTrust
  2. Click on a menu item, e.g. UMA
  3. Click on an item from the UMA menu, e.g. Scopes
  4. When it's loaded, double click on it again.

Tested locally in Ubuntu16 and on c7.
green_screen

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Sep 20, 2018

Why do you double click on a link, instead of clicking?

Double click ==> Click * 2 and this lead to some conversation error in application.

@natt-tester

This comment has been minimized.

natt-tester commented Sep 20, 2018

@syntrydy, no GUI behavior should lead to an error like this. We have to make sure our users get the best experience, even if they double-click something by mistake. Let's make it as user-friendly as possible :)

@yurem

This comment has been minimized.

Contributor

yurem commented Sep 24, 2018

I agree about "double click" issue.

But this error message due to user inactivity looks good for me:

Actual: There is an error message: "Oops
The form was removed after 30 minutes of inactivity
Return to the application using below button."

Why do you think application should allow to do action after 30 minutes of user inactivity? We can't use long sessions because it leds to security errors.

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Sep 24, 2018

i didn't found a fix for this issue

@yurem

This comment has been minimized.

Contributor

yurem commented Sep 24, 2018

According to stack trace it's JSF 2.2.16 issue.
In our code when you navigate from one menu action to another one we call method to end current conversation. It works well until you send requests too often. You send few similar requests which do the same. First one is end conversation and second one led to error because conversation context removed already.

@yurem

This comment has been minimized.

Contributor

yurem commented Sep 24, 2018

I think we can change milestone to 4.0.0 to think about it later.

@willow9886 willow9886 modified the milestones: 3.1.4, 4.0 Sep 25, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Sep 25, 2018

BTW, here is how other Shib IDP3 plugin handle conversation timeout issue: https://github.com/GluuFederation/oxShibboleth/blob/version_3.1.4/oxShibbolethWebapp/src/main/webapp/no-conversation-state.jsp#L19
It just show error page with message.

I think we only can improve here error message if needed. Both flow looks good for me:

  1. oxTrust has conversation lifetime = session lifetime = 30 minutes. Hence user might get session timeout or conversation timeout which depends on use case
  2. When you click multiple time on link... First request end conversation, than application break processing request due to second one. And as result second request can't load conversation because first one ended it already. I'm not sure that we need to fix this. What do you think?

@yurem yurem modified the milestones: 4.0, 3.1.5 Sep 27, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Sep 27, 2018

We need to revert commit after resolving this issue: a081040

This is possible solution to fix this issue: https://www.knitelius.com/2015/05/10/synchronizing-access-to-cdi-conversations/

The main idea of it to allow access one conversation only one request. It's introduce synchronization

syntrydy added a commit that referenced this issue Oct 24, 2018

Merge pull request #1315 from /issues/1029
conversation_error, 30 mins of inactivity #1029
@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Oct 24, 2018

Fixed

@syntrydy syntrydy closed this Oct 24, 2018

@natt-tester

This comment has been minimized.

natt-tester commented Dec 16, 2018

I'm unable to reproduce this behavior in 3.1.5_3. It's DONE.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment