Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-16675

Implement HPCC Session Management

    XMLWordPrintable

Details

    • Major

    Description

      Because ESP is stateless, ECLWatch sends user credentials via unsecure HTTP with most requests. Users are unable to log out of ECLWatch, and because browsers cache credentials, to log in as another user requires clearing the browser cache or entering anonymous mode.
      A better approach is to implement HPCC Sessions, where a user is initially authenticated via an HTTPS login screen, and granted a session ID. This session ID used for further request/responses, all via HTTPS

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. HPCC-16262 Document HPCC session management

          • Major - Major loss of function.
          • Resolved
          1.
          		 Implement ConfigMgr Session Management Sub-task Resolved Russ Whitehead
          2.
          		 Implement Sec Mgr Session Management Sub-task Resolved Russ Whitehead
          3.
          		 Implement ESP Session Management Sub-task Resolved Kevin Wang
          4.
          		 Implement ECLWatch Session Management Sub-task Resolved Miguel Vazquez (Inactive)
          5.
          		 Cookie detection for session management Sub-task Resolved Miguel Vazquez (Inactive)
          6.
          		 Investigate why encrypted UN/pwd is saved in workunit Sub-task Resolved Russ Whitehead
          7.
          		 Provide 'remember login' feature Sub-task Resolved Miguel Vazquez (Inactive)
          8.
          		 Attach a user profile to each user login account Sub-task Resolved Miguel Vazquez (Inactive)
          9.
          		 Implement public key encryption of workunit security token Sub-task Resolved Russ Whitehead
          10.
          		 Force https configuration if security is set Sub-task Resolved Kevin Wang
          11.
          		 Add logout feature with redirect upon success Sub-task Resolved Kunal Aswani
          12.
          		 Missing strings due to path issue after build Sub-task Resolved Michael Gardner
          13.
          		 Add internal timer to ECLWatch to initiate a logout Sub-task Resolved Miguel Vazquez (Inactive)
          14.
          		 Session management for password expired Sub-task Resolved Kevin Wang
          15.
          		 UI failed to redirect to login page when two tabs are open Sub-task Resolved Miguel Vazquez (Inactive)
          16.
          		 ESP log should hide user password from login page Sub-task Resolved Kevin Wang
          17.
          		 ConfigMgr ESP Sessions tab needs some updates Sub-task Resolved Russ Whitehead
          18.
          		 Cannot view ECLWatch page from IDE without logging in again Sub-task Resolved Gordon Smith
          19.
          		 DALI should report interface version on session registration Sub-task Resolved Russ Whitehead
          20.
          		 Enhance Security credentials to include ESP Session and signature Sub-task Resolved Russ Whitehead
          21.
          		 Differentiate between user and auto refresh to reset timers accordingly Sub-task Resolved Miguel Vazquez (Inactive)
          22.
          		 HTPasswd security manager needs to support session Sub-task Resolved Russ Whitehead
          23.
          		 Add utilitarian esp/ call for resetting timer based on user events Sub-task Resolved Kevin Wang

          Activity

            People

              russwhitehead Russ Whitehead
              russwhitehead Russ Whitehead
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: