eZ Publish / Platform / EZP-23214

User is logged out as result of role/policy changes (Memcache sessions)

    Details

      Description

      When using a memcache-based session handler, changes to user roles/policies done through the admin siteaccess will cause the corresponding user to be logged out in the frontend.

      Steps to reproduce:
      1. On browser A, log in to the frontend with user a
      2. On browser B, log in to the admin interface.
        1. Assign a new role to user a, or modify one of the existing roles by adding/removing policies

      Result: User A will be logged out.

      Config:

      framework:
          session:
              cookie_domain: .ezpublish.local
              save_path: %kernel.root_dir%/sessions
              handler_id: session.handler.memcache
       
      parameters:
          session_memcache_host: "127.0.0.1"
          session_memcache_port: 9001
          session_memcache_prefix: prefix_
          session_memcache_expire: 3600
       
      services:
          session.memcache:
              class: Memcache
              calls:
                   - [ addServer, [ %session_memcache_host%, %session_memcache_port% ]]
       
          session.handler.memcache:
              class: Symfony\Component\HttpFoundation\Session\Storage\Handler\MemcacheSessionHandler
              arguments: [ @session.memcache, { prefix: %session_memcache_prefix%, expiretime: %session_memcache_expire% } ]
      

        Issue Links

          Activity

          Joao Inacio (Inactive) created issue -
          Joao Inacio (Inactive) made changes -
          Link This issue relates to EZP-22317 [ EZP-22317 ]
          Joao Inacio (Inactive) made changes -
          Link This issue relates to EZP-20880 [ EZP-20880 ]
          Joao Inacio (Inactive) made changes -
          Status Open [ 1 ] Confirmed [ 10037 ]
          Paulo Lopes (Inactive) made changes -
          Status Confirmed [ 10037 ] InputQ [ 10001 ]
          Joao Inacio (Inactive) made changes -
          Fix Version/s Customer request [ 11018 ]
          André Rømcke added a comment -

          This might have to be documented as a known issue in 5.1 as this was fixed in an additional feature added in 5.2 which was a small bc break in regards to settings:
          https://github.com/ezsystems/ezpublish-kernel/commit/5aa01c8b36d57eda808cd97b366fa0ab58cf03b9

          Feel free to attempt to do a backport as PR, and check if all tests pass, however it won't apply cleanly (just tested).

          An alternative here is to point the customer (but test this first) to how he can configure stash to add a prefix to the stash cache, so it does not clear the session cache as well. It is not documented, but by the latest 0.2.x version of StashBundle, as I think was used by 5.1, you have the following memcacheD options exposed: https://github.com/tedious/TedivmStashBundle/blob/v0.2.4/DependencyInjection/Configuration.php#L133
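
          The comment above says a cache clear also clears the session cache when both live in the same memcache. The model below is an added illustration, not code from eZ Publish, Stash or this ticket: it assumes the clear amounts to a server-wide flush and contrasts it with a cache that owns its own key prefix. All class names, the `appcache_` prefix and the sample keys are constructed; only `prefix_` comes from the reported config.

```python
# Constructed model (not eZ Publish or Stash code): one memcached instance
# shared by the session handler and an application cache.

class SharedMemcache:
    """Stands in for the single server from the reported config."""
    def __init__(self):
        self.data = {}

    def get(self, key):
        return self.data.get(key)

    def set(self, key, value):
        self.data[key] = value

    def flush(self):
        self.data.clear()  # server-wide: no notion of key ownership


class FlushingCache:
    """Hypothetical cache that invalidates by flushing the whole server."""
    def __init__(self, mc):
        self.mc = mc

    def key(self, name):
        return name

    def clear(self):
        self.mc.flush()


class NamespacedCache(FlushingCache):
    """Hypothetical cache that owns a prefix and invalidates by generation."""
    prefix = "appcache_"  # assumed value, distinct from the session prefix

    def key(self, name):
        gen = self.mc.get(self.prefix + "gen") or 0
        return f"{self.prefix}{gen}_{name}"

    def clear(self):
        gen = self.mc.get(self.prefix + "gen") or 0
        self.mc.set(self.prefix + "gen", gen + 1)  # old keys become unreachable


def simulate_role_change(cache_cls, session_prefix="prefix_"):
    """Return (session_lost, stale_roles_served) after an admin role edit."""
    mc = SharedMemcache()
    cache = cache_cls(mc)
    mc.set(session_prefix + "sid-A", {"user": "a"})    # browser A logs in
    mc.set(cache.key("user/a/roles"), ["Member"])      # permissions cached
    cache.clear()                                      # admin edits a role
    session_lost = mc.get(session_prefix + "sid-A") is None
    stale = mc.get(cache.key("user/a/roles")) is not None
    return session_lost, stale
```

          Both strategies stop serving the old role list, which is what a permission change requires; only the flushing one also destroys the frontend session.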
          André Rømcke made changes -
          Rank Ranked higher
          André Rømcke made changes -
          Assignee André Rømcke [ andre.romcke@ez.no ]
          André Rømcke made changes -
          Component/s Documentation [ 10793 ]
          André Rømcke logged work - 06/Aug/14 6:33 PM
          André Rømcke made changes -
          Status InputQ [ 10001 ] Development [ 3 ]
          André Rømcke added a comment - Ready for review: https://github.com/ezsystems/ezpublish-kernel-ee/pull/19
          André Rømcke made changes -
          Remaining Estimate 0 minutes [ 0 ]
          Time Spent 6 hours [ 21600 ]
          Worklog Id 49920 [ 49920 ]
          André Rømcke made changes -
          Status Development [ 3 ] Development review [ 10006 ]
          Fix Version/s 5.1 Maintenance [ 12301 ]
          André Rømcke made changes -
          Status Development review [ 10006 ] Development Review done [ 10028 ]
          André Rømcke made changes -
          Status Development Review done [ 10028 ] Documentation done [ 10011 ]
          Rui Silva (Inactive) made changes -
          Status Documentation done [ 10011 ] QA [ 10008 ]
          Assignee André Rømcke [ andre.romcke@ez.no ] Rui Silva [ rui.silva@ez.no ]
          Rui Silva (Inactive) made changes -
          Flagged Impediment [ 10000 ]
          Rui Silva (Inactive) logged work - 11/Aug/14 1:07 PM
          • Time Spent:
            5 hours, 30 minutes
             

            setting up memcache and cluster environment

          Rui Silva (Inactive) logged work - 12/Aug/14 2:00 AM - edited
          • Time Spent:
            3 hours
             

            testing procedures on issue

          Rui Silva (Inactive) made changes -
          Flagged Impediment [ 10000 ]
          Rui Silva (Inactive) added a comment -

          In order to reproduce this, the following previous change has to be applied before the one for this issue:
          https://github.com/ezsystems/ezpublish-kernel-ee/commit/e3556f98c9a13f406d8fde0f8e59d87792fd9d81
          QA approved.

          Rui Silva (Inactive) made changes -
          Assignee Rui Silva [ rui.silva@ez.no ]
          Status QA [ 10008 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Rui Silva (Inactive) logged work - 13/Aug/14 2:00 AM - edited
          • Time Spent:
            3 hours
             

            testing procedures on fix

          Rui Silva (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Rui Silva (Inactive) made changes -
          Time Spent 6 hours [ 21600 ] 1 day, 3 hours, 30 minutes [ 41400 ]
          Worklog Id 50158 [ 50158 ]
          Rui Silva (Inactive) made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Rui Silva (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Rui Silva (Inactive) made changes -
          Time Spent 1 day, 3 hours, 30 minutes [ 41400 ] 1 day, 5 hours, 30 minutes [ 48600 ]
          Worklog Id 50159 [ 50159 ]
          Rui Silva (Inactive) made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Rui Silva (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Rui Silva (Inactive) made changes -
          Time Spent 1 day, 5 hours, 30 minutes [ 48600 ] 1 day, 7 hours, 30 minutes [ 55800 ]
          Worklog Id 50160 [ 50160 ]
          Rui Silva (Inactive) made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Rui Silva (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Rui Silva (Inactive) made changes -
          Time Spent 1 day, 7 hours, 30 minutes [ 55800 ] 2 days, 30 minutes [ 59400 ]
          Worklog Id 50159 [ 50159 ]
          Rui Silva (Inactive) made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Rui Silva (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Rui Silva (Inactive) made changes -
          Time Spent 2 days, 30 minutes [ 59400 ] 2 days, 1 hour, 30 minutes [ 63000 ]
          Worklog Id 50160 [ 50160 ]
          Rui Silva (Inactive) made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Joao Inacio (Inactive) made changes -
          Link This issue relates to EZP-23267 [ EZP-23267 ]
          André Rømcke made changes -
          Workflow eZ Engineering Scrumban Workflow [ 64053 ] EZ* Development Workflow [ 85261 ]
          Alex Schuster made changes -
          Workflow EZ* Development Workflow [ 85261 ] EZEE Development Workflow [ 124060 ]
          Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
          Open -> Confirmed | 13m 54s | 1 | joao.inacio@ez.no | 29/Jul/14 5:07 PM
          Confirmed -> InputQ | 7m 48s | 1 | Paulo Lopes (Inactive) | 29/Jul/14 5:15 PM
          InputQ -> Development | 8d 1h 17m | 1 | André Rømcke | 06/Aug/14 6:33 PM
          Development -> Development Review | 44s | 1 | André Rømcke | 06/Aug/14 6:33 PM
          Development Review -> Development Review done | 21h 34m | 1 | André Rømcke | 07/Aug/14 4:08 PM
          Development Review done -> Documentation Review done | 2m 52s | 1 | André Rømcke | 07/Aug/14 4:11 PM
          Documentation Review done -> QA | 42m 28s | 1 | rui.silva@ez.no | 07/Aug/14 4:53 PM
          QA -> Closed | 5d 1h 6m | 1 | rui.silva@ez.no | 12/Aug/14 5:59 PM
          Closed -> Reopened | 5d 18h 2m | 5 | rui.silva@ez.no | 18/Aug/14 12:02 PM
          Reopened -> Closed | 12s | 5 | rui.silva@ez.no | 18/Aug/14 12:02 PM

            People

            • Assignee:
              Unassigned
              Reporter:
              Joao Inacio (Inactive)
            Time Tracking

            Estimated: Not Specified
            Remaining: 0m
            Logged: 2d 1h 30m