Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-39300

Webdav fails on second login attempt after KNL-1050 & KNL-1035

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Critical
    • Resolution: Incorporated
    • Affects Version/s: 2.9.x
    • Fix Version/s: None
    • Component/s: Kernel
    • Labels:
      None
    • Previous Issue Keys:
      KNL-1089

      Description

      After a user log's in once with webdav, they will be unable to login again with webdav. This is because the session is reused and this is not allowed by UsageSessionServiceAdaptor. There were two solutions proposed for this:

      1) To have a session that times out after X minutes (under the session timeout which defaults to 10 minutes) which would create new sessions. Most likely this would still be limited by KNL-1035 but would still result in "ghost" sessions, which up the session count for webdav.

      2) To modify the UsageSessionServiceAdaptor to perform an update if the insert fails (an upsert). This would keep the sessions limited but because the salt is only generated at restart, it would be less secure for dav sessions if someone was able to get this somehow (through the bug reports of they matched was one idea but a separate issue)

      I'm attaching the patch for #2, UCT has committed #1 to their msub. Both of them change the encoding of SHA-1 to avoid losing any bits.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  k1team KERNEL TEAM (Inactive)
                  Reporter:
                  jonespm Matthew Jones
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration