Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Currently when the http session ends (for example when the configured qpid.port.http.absoluteSessionTimeout expires) the Web Management Console (WMC) displays a dialogue box (with a generic 401 error in this case) offering a button to log in again.
However, the dialogue box is closable. If the user closes it the WMC remains somewhat usable. All client-side operations continue to work (e.g., create a Query). Some operations fail silently (e.g., retrieving data when opening a new tab by double clicking on, for example, a Port) and yet other operations redisplay the 401 dialogue (e.g., broker-side operations involving POST or PUT).
I think when the user is no longer logged in the WMC should clearly indicate this by somehow preventing all further use of the WMC. From a security point of view we also want the existing data currently being displayed to disappear.