A redirect to the login page from error page would be a more reasonable solution IMO.
On Wed, Jan 4, 2017 at 3:23 PM, Robert Story <rst...@tislabs.com> wrote: > On Wed, 4 Jan 2017 14:40:06 -0500 Ravi wrote: > RN> With SSO the client sends the client secret to SSO which is stored in > the > RN> session. Now when the clients session expires all the information > including > RN> the client secret is lost when the session is purged by the application > RN> server. > > Is the session expiration time configurable? > > RN> 1. login to webadmin > RN> 2. Leave the session until session time out on engine and user is > RN> redirected to login page (the client id and secret are sent) > RN> 3. If user tries to login now everything will be fine but if user > leaves > RN> and the session expires the session is purged, client secret is lost > RN> 4. User enters user name password on the screen after coming back. The > RN> login form does not have a session associated with it so the client and > RN> secret are not found and SSO needs to report that the session has > expired > RN> and redirect user to welcome page. > > So in step 4, can't it just start a new session instead of going to an > expiration page? Or show the page for a few seconds and then start a new > session? > > Or in step 2, set a refresh on the login page that still has a session so > that when the session expires it will redirect to a login screen that will > start a new session? > > > > Robert > > -- > Senior Software Engineer @ Parsons >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users