Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Idle sessions never expire #57119

Closed
jportner opened this issue Feb 7, 2020 · 3 comments · Fixed by #57149
Closed

Idle sessions never expire #57119

jportner opened this issue Feb 7, 2020 · 3 comments · Fixed by #57149
Assignees
@jportner
Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jportner
Copy link
Contributor

jportner commented Feb 7, 2020
edited
Loading

Kibana version: 7.x / master

Describe the bug: Idle sessions don't expire. It appears that every time the /internal/security/session API is called to check the session expiration, it renews the session.

Steps to reproduce:

  1. Start Kibana with xpack.security.session.idleTimeout: "75s"
  2. Observe the calls to the /internal/security/session API, and the responses each have an increasing idleTimeoutExpiration property.
  3. Observe that the user's session never expires.

Expected behavior: The user's session should expire after the specified time period of inactivity.
@jportner jportner added bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Feb 7, 2020
@jportner jportner self-assigned this Feb 7, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@jportner jportner mentioned this issue Feb 7, 2020
Merged
@jportner
Copy link
Contributor Author

jportner commented Feb 7, 2020

Looks like the Kibana Platform changed how it handles exposing system requests to plugins. Tested and verified that this issue started after #53734 was merged.

Will submit a PR to fix shortly.

@legrego
Copy link
Member

legrego commented Feb 7, 2020

Thanks for finding and researching this! Gold medal for catching before it shipped 🥇

@jportner jportner mentioned this issue Feb 7, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jportner jportner

Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix detection of "system requests" in plugins jportner/kibana
3 participants
@legrego @jportner @elasticmachine