Camunda Optimize: OPT-6366

Lifetime of Optimize session in SaaS is not aligned with lifetime of service token


    Description

Context:

Since OPT-6274, the service accessToken is stored as a cookie and used for service calls, so its lifetime can differ from that of the auth cookie that represents the user session.
If the X-Optimize-Service-Token expires before X-Optimize-Authorization, requests of Optimize that make use of the X-Optimize-Service-Token may fail with HTTP status 401.
With OPT-5998 such a 401 triggers a page reload to reinitialise the OAuth2 authentication flow (on the assumption that a 401 means the user session expired); but since the X-Optimize-Authorization cookie may still be valid, this results in an endless refresh loop.

      AT:

• ensure that the expiry of either of the two cookies X-Optimize-Authorization or X-Optimize-Service-Token results in a full recreation of the user session with valid new cookies
• disable the automatic refresh of the X-Optimize-Authorization cookie in a SaaS environment
• ideally align the expiry of both cookies, using the shortest lifetime, i.e. either that of the access token or the configured `security.auth.token.lifeMin`
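The following is an added illustration, not Optimize code, of the first and third acceptance criteria. It models the two cookies by their expiry instants, derives one aligned session lifetime from the shorter of the access-token lifetime and `security.auth.token.lifeMin`, and contrasts a reload handler that only recreates the session when X-Optimize-Authorization has expired (an assumed model of the OPT-5998 behaviour described above, which loops) with one that recreates the whole session as soon as either cookie is expired. All function names, the `SessionCookies` type, the 401/200 request model and the timestamps are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

# Cookie names taken from the ticket.
AUTH_COOKIE = "X-Optimize-Authorization"
SERVICE_TOKEN_COOKIE = "X-Optimize-Service-Token"


@dataclass(frozen=True)
class SessionCookies:
    """Expiry instants of the two cookies that together form a user session (constructed type)."""
    auth_expires_at: datetime
    service_token_expires_at: datetime


def aligned_session_lifetime(access_token_lifetime: timedelta, token_life_min: int) -> timedelta:
    """Third acceptance criterion: the session lives as long as the shorter of the
    service access-token lifetime and security.auth.token.lifeMin (in minutes)."""
    return min(access_token_lifetime, timedelta(minutes=token_life_min))


def issue_session_cookies(now: datetime, access_token_lifetime: timedelta,
                          token_life_min: int) -> SessionCookies:
    """Create a fresh session: both cookies receive the same, aligned expiry."""
    expires_at = now + aligned_session_lifetime(access_token_lifetime, token_life_min)
    return SessionCookies(auth_expires_at=expires_at, service_token_expires_at=expires_at)


def expired_cookies(cookies: SessionCookies, now: datetime) -> list[str]:
    """Names of the cookies that are expired at `now` (empty if the session is healthy)."""
    names = []
    if now >= cookies.auth_expires_at:
        names.append(AUTH_COOKIE)
    if now >= cookies.service_token_expires_at:
        names.append(SERVICE_TOKEN_COOKIE)
    return names


def request_with_service_token(cookies: SessionCookies, now: datetime) -> int:
    """Constructed model of an Optimize request that needs the service token:
    401 if either cookie is expired, 200 otherwise."""
    return 401 if expired_cookies(cookies, now) else 200


ReloadHandler = Callable[[SessionCookies, datetime, timedelta, int], SessionCookies]


def legacy_reload(cookies, now, access_token_lifetime, token_life_min):
    """Assumed model of the looping behaviour: a 401 reloads the page and re-runs the
    OAuth2 flow, but while X-Optimize-Authorization is still valid the existing session
    is reused, so an expired service token is never replaced."""
    if now < cookies.auth_expires_at:
        return cookies
    return issue_session_cookies(now, access_token_lifetime, token_life_min)


def fixed_reload(cookies, now, access_token_lifetime, token_life_min):
    """First acceptance criterion: expiry of either cookie recreates the whole session."""
    if expired_cookies(cookies, now):
        return issue_session_cookies(now, access_token_lifetime, token_life_min)
    return cookies


def count_reloads(reload: ReloadHandler, cookies: SessionCookies, now: datetime,
                  access_token_lifetime: timedelta, token_life_min: int,
                  max_reloads: int = 10) -> int:
    """Reload until the request succeeds; returns max_reloads when it never does (the loop)."""
    reloads = 0
    while request_with_service_token(cookies, now) == 401:
        if reloads >= max_reloads:
            break
        cookies = reload(cookies, now, access_token_lifetime, token_life_min)
        reloads += 1
    return reloads


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    # Mismatched cookies: user session valid for another hour, service token already expired.
    mismatched = SessionCookies(auth_expires_at=now + timedelta(hours=1),
                                service_token_expires_at=now - timedelta(minutes=1))
    print("legacy reloads:", count_reloads(legacy_reload, mismatched, now, timedelta(minutes=15), 60))
    print("fixed reloads:", count_reloads(fixed_reload, mismatched, now, timedelta(minutes=15), 60))
```

With the mismatched cookies the legacy handler reaches the reload cap, which is the endless refresh loop the ticket describes, while the fixed handler needs exactly one reload; cookies issued through `issue_session_cookies` expire together, so the mismatch cannot arise in the first place. The second criterion (no automatic refresh of the auth cookie in SaaS) is not modelled here.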


People

Assignee: Unassigned
Reporter: Sebastian Bathke (sebastian.bathke)
