[jira] [Commented] (QPID-8022) [Broker-J, WMC] When the session ends (timeout, broker goes away, connection lost) the UI should cearly indicate this

Wed, 08 Nov 2017 03:08:25 -0800 

    [ 
https://issues.apache.org/jira/browse/QPID-8022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16243742#comment-16243742
 ] 

Lorenz Quack commented on QPID-8022:
------------------------------------

One possibility would be to redirect to the login page directly and add the 
possibility to display an error there to indicate why the user ended up at the 
login page. For example 
* Failed login: Login failed. Try again.
* Authorization failed: Not authorized to log in to this broker. Try other 
credentials.
* Session timeout: Previous session timed out. Please re-authenticate by 
logging in again.
* Connection lost (could be broker crash): Connection to the broker was lost. 
Fix the problem and try logging in again.

> [Broker-J, WMC] When the session ends (timeout, broker goes away, connection 
> lost) the UI should cearly indicate this
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8022
>                 URL: https://issues.apache.org/jira/browse/QPID-8022
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Lorenz Quack
>
> Currently when the http session ends (for example when the configured 
> {{qpid.port.http.absoluteSessionTimeout}} expires) the Web Management Console 
> (WMC) displays a  dialogue box (with a generic 401 error in this case) 
> offering a button to log in again.
> However, the dialogue box is closable. If the user closes it the WMC remains 
> somewhat usable. All client-side operations continue to work (e.g., create a 
> Query). Some operations fail silently (e.g., retrieving data when opening a 
> new tab by double clicking on, for example, a Port) and yet other operations 
> redisplay the 401 dialogue (e.g., broker-side operations involving POST or 
> PUT).
> I think when the user is no longer logged in the WMC should clearly indicate 
> this by  somehow preventing all further use of the WMC. From a security point 
> of view we also want the existing data currently being displayed to disappear.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to