On Thu, Feb 11, 2010 at 4:39 AM, Paul Mossman <[email protected]> wrote: > Arjun wrote: >> I just noticed that, on my system, I am able to access the >> superadmin portal through the user portal. Huijun and I took >> a look at this issue, and it seems to be related to the >> recently added date/time REST API [1], which is currently >> used to asynchronously update the date/time from sipXconfig. >> This is a serious bug, and I suggest we revert the commit >> until we get to the bottom of this. >> >> Here's the issue tracking this - >> http://track.sipfoundry.org/browse/XX-7641 > > Thanks gents, this drove me nuts today. I couldn't get rid of it on one > system, and couldn't reproduce it on another. Glad to hear it wasn't > caused by the patches being reviewed. :) > > So (based also on some findings from Carson), I think it occurs when you > have the Admin portal open, manually re-start sipXconfig, and a > date/time update happens to occur before the auto-logout kicks in. You > get the "Authentication Required" prompt, but no auto-logout. > (http://track.sipfoundry.org/browse/XX-7631) > > Then I suppose entering valid credentials (actually the date/time REST > API) creates a login session that the browser caches. Manually logging > out of the Admin portal and into the User portal seems to be OK, until > you click on a menu item, at which point you flip back to superadmin and > get Admin portal menus? > > In either case, I agree that it needs to be fixed in 4.2. > I would like to share on the list a nice proposal (thanks Arjun) of how to redesign the date/time component. Arjun, me and Paul had a discussion and here is what we achieved:
[...] > > No need for REST. We send the initial time each time a page > renders, and then update it at regular intervals using > javascript. It may not be a 100% synchronized with the > server, but I don't think we are missing out on anything by > not being accurate. > > +1 > > Well, yes. I think we can live just fine with this. I agree. Sounds good to me. > However, I believe that the rest service is good to be there, > even we will not use it. Maybe sometimes someone would like > to use it in a potential new client application :) >Mircea Agreed, there's no harm in having it there. -Paul [email protected] [...] With Arjun's proposal both http://track.sipfoundry.org/browse/XX-7631 and http://track.sipfoundry.org/browse/XX-7641 will be solved. The rest service will not be called in the tapestry page and therefore no authentication will be required. Another reason that I think this is good to have the time/date rest service is when we will have all user-portal rewritten using GWT technology (at least that was the intent some time ago). We would definitely need the rest service to get the server time/date and display it in the user-portal GWT page Thanks, Mircea _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
