- Bug Report
- Resolution: Fixed
- L3 - Default
- None
- 2
- S
Context:
With the storage as a cookie and usage of the service accessToken with OPT-6274, there can be a mismatch between its lifetime and that of the auth cookie that represents the user session.
If the X-Optimize-Service-Token expires before X-Optimize-Authorization, some Optimize requests that make use of the X-Optimize-Service-Token may fail with an HTTP status 401.
With OPT-5998 this would result in a page reload to reinitialise the OAuth2 authentication flow (assuming a 401 means the user session expired), but since the X-Optimize-Authorization cookie could still be valid, this results in an endless refresh loop.
AT:
- ensure the expiry of either of the two cookies X-Optimize-Authorization or X-Optimize-Service-Token results in a full recreation of the user session with valid new cookies
- disable the automatic refresh of the X-Optimize-Authorization cookie in a SaaS environment
- ideally align the expiry of both cookies, using the shortest lifetime, either that of the access-token or that of the config `security.auth.token.lifeMin`
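
The following is an added sketch, not Optimize's own code, that models the first and third acceptance criteria and the refresh loop described in the context. The function names, the cookie object shape and the sample lifetimes are assumptions; only the two cookie names and `security.auth.token.lifeMin` come from the ticket.

```javascript
// Added example: a small model of the two cookies named in the ticket.
const AUTH = "X-Optimize-Authorization";
const SERVICE = "X-Optimize-Service-Token";

// Issue both cookies with one shared expiry: the shorter of the access-token
// lifetime (seconds) and security.auth.token.lifeMin (minutes).
function issueSession(nowMs, accessTokenExpiresInSec, lifeMin) {
  const ttlMs = Math.min(accessTokenExpiresInSec * 1000, lifeMin * 60 * 1000);
  const expiresAt = nowMs + ttlMs;
  return { [AUTH]: { expiresAt }, [SERVICE]: { expiresAt } };
}

const isValid = (cookie, nowMs) => Boolean(cookie) && cookie.expiresAt > nowMs;

// Treat the session as a unit: if either cookie is missing or expired, drop
// both so the next step is a fresh OAuth2 flow with two new cookies.
function checkSession(cookies, nowMs) {
  if (isValid(cookies[AUTH], nowMs) && isValid(cookies[SERVICE], nowMs)) {
    return { action: "proceed", cookies };
  }
  return { action: "reauthenticate", cookies: {} };
}

// Count page reloads after a 401 until a request succeeds (capped).
// sessionAsUnit=false models the reported behaviour: the reload keeps the
// still-valid auth cookie, so no new service token is ever obtained.
function reloadsUntilSuccess(cookies, nowMs, sessionAsUnit, maxReloads = 5) {
  let current = cookies;
  for (let reloads = 0; reloads <= maxReloads; reloads++) {
    if (checkSession(current, nowMs).action === "proceed") return reloads;
    // The request returned 401 and the page reloads.
    if (sessionAsUnit || !isValid(current[AUTH], nowMs)) {
      current = issueSession(nowMs, 300, 60); // new login, constructed lifetimes
    }
  }
  return Infinity; // never recovered within the cap: the refresh loop
}

// Constructed mismatch: auth cookie valid for 60 min, service token for 5 min.
const mismatched = { [AUTH]: { expiresAt: 3600000 }, [SERVICE]: { expiresAt: 300000 } };
console.log(reloadsUntilSuccess(mismatched, 400000, false)); // loop
console.log(reloadsUntilSuccess(mismatched, 400000, true));  // recovers
```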