  1. Sakai
  2. SAK-16162

session timeout causes continuous redirect loop



    • Type: Bug
    • Status: CLOSED
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.0
    • Component/s: Portal


      See SAK-13987 for implementation of a feature that warns people when they are getting near to the inactivity timeout. It may be that this feature is effectively disabled, for reasons noted in comments for SAK-13987. However if you manage to get it working, e.g. by doing the patch to change

      url: "/direct/session/" + sessionId + ".json?auto=true"
      to be
      url: "/direct/session/" + sessionId + ".json?auto=true&_=" + (new Date()).getTime();

      you'll run into another problem: unless JSESSIONID is the first cookie, you'll get an invalid session ID. The problem is that this results in a continuous redirect loop, thus effectively disabling Sakai for that user. This was noted in another comment in SAK-13987. However the comment didn't make it clear quite how serious the impact of the problem is.

      A solution that works for us is to change

      var sessionId = document.cookie.replace(/^[^=]*=/, '').replace(/\..*$/, '');
      to
      var sessionId = document.cookie.replace(/^.*JSESSIONID=/, '').replace(/\..*$/, '');

      However this assumes that the session ID is carried in a cookie called JSESSIONID. There was some concern in a comment that this might not work in other app servers. A reasonable approach would be to add a configuration setting like sessionid.cookiename, which defaults to JSESSIONID.

      I'm unclear how serious a problem this is, since it appears that without the fix to the URL, this feature is probably effectively disabled. However if that isn't the case, we need to warn sites that enabling this feature has a high probability of creating disaster for at least some of their users.
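
Added example, not part of the original report and not Sakai's code: the two expressions from the report next to a position-independent lookup that takes the cookie name as a parameter, run over constructed cookie strings. The `cookieName` parameter is a hypothetical stand-in for the proposed `sessionid.cookiename` setting, and all function names and sample values are assumptions.

```javascript
// Constructed sample cookie strings (not captured from a real Sakai session).
const FIRST = 'JSESSIONID=abc123.node1; theme=dark';
const NOT_FIRST = 'theme=dark; JSESSIONID=abc123.node1';
const NO_SUFFIX = 'JSESSIONID=abc123; lang=en';
const SIMILAR = 'JSESSIONID=abc123.node1; PORTAL_JSESSIONID=zzz999.node2';
const CUSTOM = 'theme=dark; SAKAIID=abc123.node1';

// Original expression: strips the name of whichever cookie happens to be first.
function originalSessionId(cookies) {
  return cookies.replace(/^[^=]*=/, '').replace(/\..*$/, '');
}

// Workaround from the report: anchors on the literal text "JSESSIONID=".
function workaroundSessionId(cookies) {
  return cookies.replace(/^.*JSESSIONID=/, '').replace(/\..*$/, '');
}

// Position-independent lookup: split into pairs, match the name exactly,
// then drop everything from the first dot, as the second replace() above does.
function sessionIdFromCookies(cookies, cookieName = 'JSESSIONID') {
  for (const pair of cookies.split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1) continue;                                // not a name=value pair
    if (pair.slice(0, eq).trim() !== cookieName) continue;  // exact name only
    const value = pair.slice(eq + 1).trim();
    const dot = value.indexOf('.');
    return dot === -1 ? value : value.slice(0, dot);
  }
  return null; // no session cookie: the caller should not build a request URL
}

// Compare the three approaches on each sample.
function compare() {
  const samples = { FIRST, NOT_FIRST, NO_SUFFIX, SIMILAR };
  const rows = {};
  for (const [label, cookies] of Object.entries(samples)) {
    rows[label] = {
      original: originalSessionId(cookies),
      workaround: workaroundSessionId(cookies),
      parsed: sessionIdFromCookies(cookies),
    };
  }
  return rows;
}

console.log(compare());
```

Returning `null` when the cookie is absent lets the caller skip the `/direct/session/` request instead of sending a malformed ID.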

                  • Assignee:
                    jonespm Matthew Jones
                    hedrick Charles Hedrick