Details
-
Bug
-
Resolution: Fixed
-
P2: Important
-
Qt Creator 15.0.0 (15.0 branch)
-
None
-
913c7299a (15.0)
Description
- leads to the following, persistant error after 1 hour when the dashboard enforces session reauthentication
- Axivion: DashboardError (http://localhost:9090/axivion/) [500 ] IllegalStateException: Can only reauthenticate LoginSession authentication, got ApiToken
- reason is, that for the issue-properties endpoint the server has a workaround for plugins that can't control how their internal browser accesses that endpoint
- the workaround basically caches the Token-Authentication in an HttpSession and sets a cookie for that
- on the next supposedly anonymous request (e.g. when switching back and forth between dashboards) it seems, that currently the "Authorization"-Header is left out, however the "Cookie"-Header is sent along
- if such a halfway-anonymous request takes place after a server configuration change or after 1 hour, it coincides with a server-side reauthentication of the HttpSession (check, whether the user still exists, still has the same permissions ..) which fails, because the reauthentication code assumes, that the cached Authentication-Data was authenticated via a regular login-form login which it wasn't.
- So basically this is a server-bug exposed by a client-bug. I created BAUHAUS-25483 for the server bug.
- Nevertheless, we should also fix the client-bug and make sure that no cookies are sent along when doing the anonymous "first" dashboard request probably by reinitializing some HttpClient-object
Attachments
For Gerrit Dashboard: QTCREATORBUG-31785 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
597814,3 | Axivion: Ensure clean session start | 15.0 | qt-creator/qt-creator | Status: MERGED | +2 | 0 |
600721,1 | Axivion: Ensure clean session start | master | qt-creator/qt-creator | Status: ABANDONED | 0 | 0 |