Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session does not time out on Inputs page #18488

Open
coffee-squirrel opened this issue Mar 5, 2024 · 0 comments
Open

Session does not time out on Inputs page #18488

coffee-squirrel opened this issue Mar 5, 2024 · 0 comments
Labels
bug triaged

Comments

@coffee-squirrel
Copy link

coffee-squirrel commented Mar 5, 2024
edited

Expected Behavior

Session expiration should occur regardless of which page a user is viewing.

Current Behavior

When viewing the Inputs page (/system/inputs), at minimum the /api/cluster/inputstates request (https://github.com/Graylog2/graylog2-server/blob/5.2.3/graylog2-web-interface/src/stores/inputs/InputStatesStore.js#L42) gets sent without request header X-Graylog-No-Session-Extension: true, which results in the session never expiring.

Steps to Reproduce (for bugs)

  1. Have a Graylog 5.2.3 5.2.5 environment
  2. Open your browser's dev tools network tab
  3. Navigate to the Inputs (/system/inputs) page
  4. Note the aforementioned requests are sent without the request header X-Graylog-No-Session-Extension: true

Context

I happened to leave the Inputs page up, and noticed I was still logged in the next day.

Similar to #10613 and #18063.

Your Environment

  • Graylog Version: 5.2.3 5.2.5 5.2.7
  • Browser version: Firefox 125
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coffee-squirrel @sethgraylog