  1. Qt Creator
  2. QTCREATORBUG-31785

plugin sends along the JSESSIONID cookie when doing a supposedly anonymous first request


Details

    • Bug
    • Resolution: Fixed
    • P2: Important
    • Qt Creator 15.0.0-beta2
    • Qt Creator 15.0.0 (15.0 branch)
    • Axivion
    • None
    • 913c7299a (15.0)

    Description

      • leads to the following persistent error after 1 hour, when the dashboard enforces session reauthentication
      • Axivion: DashboardError (http://localhost:9090/axivion/) [500 ] IllegalStateException: Can only reauthenticate LoginSession authentication, got ApiToken 
      • the reason is that for the issue-properties endpoint the server has a workaround for plugins that can't control how their internal browser accesses that endpoint
      • the workaround basically caches the Token-Authentication in an HttpSession and sets a cookie for that 
      • on the next supposedly anonymous request (e.g. when switching back and forth between dashboards) it seems that currently the "Authorization" header is left out, however the "Cookie" header is sent along
      • if such a halfway-anonymous request takes place after a server configuration change or after 1 hour, it coincides with a server-side reauthentication of the HttpSession (a check of whether the user still exists, still has the same permissions ...), which fails because the reauthentication code assumes that the cached Authentication-Data was authenticated via a regular login-form login, which it wasn't.
      • So basically this is a server-bug exposed by a client-bug. I created BAUHAUS-25483 for the server bug. 
      • Nevertheless, we should also fix the client-bug and make sure that no cookies are sent along when doing the anonymous "first" dashboard request, probably by reinitializing some HttpClient-object
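
An added illustration of the mechanism described above, not the reporter's or the Qt Creator project's code (the plugin itself is C++/Qt): a Python standard-library model in which a constructed stand-in server sets a JSESSIONID cookie on a token-authenticated request, and the client either reuses or clears its cookie jar before the anonymous request. The handler, the `Token` scheme and all values are assumptions made for the example.

```python
import http.cookiejar
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # (Authorization, Cookie) pairs received by the stand-in server

class Dashboard(BaseHTTPRequestHandler):
    """Constructed stand-in for the server-side workaround, not Axivion code."""
    def do_GET(self):
        auth, cookie = self.headers.get("Authorization"), self.headers.get("Cookie")
        seen.append((auth, cookie))
        self.send_response(200)
        if auth and not cookie:  # cache the token auth in a session, set a cookie
            self.send_header("Set-Cookie", "JSESSIONID=constructed-session; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def get(opener, url, token=None):
    req = urllib.request.Request(url)
    if token:  # the "Token" scheme is a placeholder for this example
        req.add_header("Authorization", "Token " + token)
    opener.open(req).close()

def anonymous_request_headers(reset_cookies):
    """Return (Authorization, Cookie) the server saw on the anonymous request."""
    server = HTTPServer(("127.0.0.1", 0), Dashboard)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/axivion/" % server.server_port
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
    try:
        get(opener, url, token="constructed-token")  # authenticated request
        if reset_cookies:
            jar.clear()  # client-side fix: drop session state first
        get(opener, url)  # supposedly anonymous "first" request
        return seen[-1]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("shared jar:", anonymous_request_headers(reset_cookies=False))
    print("reset jar: ", anonymous_request_headers(reset_cookies=True))
```

With the shared jar the anonymous request carries no Authorization header but still presents the session cookie, which is the halfway-anonymous state the report describes; after clearing the jar it carries neither.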

          People

            cstenger Christian Stenger
            daniel_hofmann Daniel Hofmann