On Thu, 2010-02-11 at 11:09 +0200, Mircea Carasel wrote: > On Thu, Feb 11, 2010 at 4:39 AM, Paul Mossman <[email protected]> wrote: > > Arjun wrote: > >> I just noticed that, on my system, I am able to access the > >> superadmin portal through the user portal. Huijun and I took > >> a look at this issue, and it seems to be related to the > >> recently added date/time REST API [1], which is currently > >> used to asynchronously update the date/time from sipXconfig. > >> This is a serious bug, and I suggest we revert the commit > >> until we get to the bottom of this. > >> > >> Here's the issue tracking this - > >> http://track.sipfoundry.org/browse/XX-7641 > > > > Thanks gents, this drove me nuts today. I couldn't get rid of it on one > > system, and couldn't reproduce it on another. Glad to hear it wasn't > > caused by the patches being reviewed. :) > > > > So (based also on some findings from Carson), I think it occurs when you > > have the Admin portal open, manually re-start sipXconfig, and a > > date/time update happens to occur before the auto-logout kicks in. You > > get the "Authentication Required" prompt, but no auto-logout. > > (http://track.sipfoundry.org/browse/XX-7631) > > > > Then I suppose entering valid credentials (actually the date/time REST > > API) creates a login session that the browser caches. Manually logging > > out of the Admin portal and into the User portal seems to be OK, until > > you click on a menu item, at which point you flip back to superadmin and > > get Admin portal menus? > > > > In either case, I agree that it needs to be fixed in 4.2. > > > I would like to share on the list a nice proposal (thanks Arjun) of > how to redesign the date/time component. > Arjun, me and Paul had a discussion and here is what we achieved: > > [...] > > > No need for REST. We send the initial time each time a page > > renders, and then update it at regular intervals using > > javascript. It may not be a 100% synchronized with the > > server, but I don't think we are missing out on anything by > > not being accurate. > > > > +1 > > > > Well, yes. I think we can live just fine with this. I agree. > > Sounds good to me. > > > > However, I believe that the rest service is good to be there, > > even we will not use it. Maybe sometimes someone would like > > to use it in a potential new client application :) > >Mircea > > Agreed, there's no harm in having it there. > > > -Paul > [email protected] > [...] > > With Arjun's proposal both http://track.sipfoundry.org/browse/XX-7631 > and http://track.sipfoundry.org/browse/XX-7641 will be solved. The > rest service > will not be called in the tapestry page and therefore no > authentication will be required. > Another reason that I think this is good to have the time/date rest > service is when we will have all user-portal rewritten using GWT > technology (at least > that was the intent some time ago). We would definitely need the rest > service to get the server time/date and display it in the user-portal > GWT page > > Thanks, > Mircea
Worked with Mircea to preapare a patch for this issue ( http://track.sipfoundry.org/browse/XX-7641 ) with the solution proposed by Arjun. Arjun would you please be so kind and review the patch. Thank you, Daniel _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
